|
|
|
|
|
== Bus factor session ==
|
|
## Bus factor session
|
|
|
|
|
|
Date: 13/10 2017.
|
|
Date: 13/10 2017.
|
|
Host: Shari
|
|
Host: Shari
|
... | @@ -59,7 +59,7 @@ have been rotated without the larger groups knowledge. |
... | @@ -59,7 +59,7 @@ have been rotated without the larger groups knowledge. |
|
Jens mentions that he found out that we do have off-site backup: Cymru.
|
|
Jens mentions that he found out that we do have off-site backup: Cymru.
|
|
Rob or Sina might be our contact for this.
|
|
Rob or Sina might be our contact for this.
|
|
|
|
|
|
=== PGP Keys ===
|
|
### PGP Keys
|
|
|
|
|
|
Roger moves over to talking about PGP keys.
|
|
Roger moves over to talking about PGP keys.
|
|
|
|
|
... | @@ -69,7 +69,7 @@ Roger moves over to talking about PGP keys. |
... | @@ -69,7 +69,7 @@ Roger moves over to talking about PGP keys. |
|
|
|
|
|
We need to identify if there are pins for the PGP keys for Tor browsers.
|
|
We need to identify if there are pins for the PGP keys for Tor browsers.
|
|
|
|
|
|
=== External Services ===
|
|
### External Services
|
|
|
|
|
|
Nick mentions that there are accounts on different services, for
|
|
Nick mentions that there are accounts on different services, for
|
|
example, Apple's App Store account that is registered for execdir@, but
|
|
example, Apple's App Store account that is registered for execdir@, but
|
... | @@ -95,7 +95,7 @@ might not be involved with Tor anymore? Roger mentions that the |
... | @@ -95,7 +95,7 @@ might not be involved with Tor anymore? Roger mentions that the |
|
financial "stuff" (ahf assumes this means 503 finances) might have sites
|
|
financial "stuff" (ahf assumes this means 503 finances) might have sites
|
|
like grants.gov that Brad might have access to.
|
|
like grants.gov that Brad might have access to.
|
|
|
|
|
|
=== Software Development ===
|
|
### Software Development
|
|
|
|
|
|
We have projects with one maintainer that signs releases, but its
|
|
We have projects with one maintainer that signs releases, but its
|
|
problematic if that person leaves for some reason.
|
|
problematic if that person leaves for some reason.
|
... | @@ -107,7 +107,7 @@ contact to OTF for example? |
... | @@ -107,7 +107,7 @@ contact to OTF for example? |
|
Shari mentions that with staff we should be sure to have redundancy - it
|
|
Shari mentions that with staff we should be sure to have redundancy - it
|
|
is also mentioned that everyone should be able to go on vacation.
|
|
is also mentioned that everyone should be able to go on vacation.
|
|
|
|
|
|
=== Trust Bottlenecks ===
|
|
### Trust Bottlenecks
|
|
|
|
|
|
Roger mentions that, for example, if Nick is the only one announcing Tor
|
|
Roger mentions that, for example, if Nick is the only one announcing Tor
|
|
releases that if somebody else did the release would anybody believe
|
|
releases that if somebody else did the release would anybody believe
|
... | @@ -118,13 +118,13 @@ Weasel is a trust bottleneck for administration. |
... | @@ -118,13 +118,13 @@ Weasel is a trust bottleneck for administration. |
|
We discuss redundancy around financial stuff like what happens if Sue
|
|
We discuss redundancy around financial stuff like what happens if Sue
|
|
goes on vacation and we need to contact the auditors.
|
|
goes on vacation and we need to contact the auditors.
|
|
|
|
|
|
=== Physical Security ===
|
|
### Physical Security
|
|
|
|
|
|
Nick mentions that it is good that with Git as part of the software
|
|
Nick mentions that it is good that with Git as part of the software
|
|
development model that everyone have the entire history of the
|
|
development model that everyone have the entire history of the
|
|
repository with commits, etc.
|
|
repository with commits, etc.
|
|
|
|
|
|
=== Personal Contacts ===
|
|
### Personal Contacts
|
|
|
|
|
|
How we do we ensure that people knows different people that we depend
|
|
How we do we ensure that people knows different people that we depend
|
|
upon? We should make sure that at least two people knows who to reach
|
|
upon? We should make sure that at least two people knows who to reach
|
... | @@ -147,7 +147,7 @@ place and where. |
... | @@ -147,7 +147,7 @@ place and where. |
|
|
|
|
|
Generally things would be "OK" for most people (not the sysadmins!).
|
|
Generally things would be "OK" for most people (not the sysadmins!).
|
|
|
|
|
|
==== What happens if someone attacks the directory authorities? ====
|
|
#### What happens if someone attacks the directory authorities?
|
|
|
|
|
|
We currently need at least 5 of them online to work. How well are these
|
|
We currently need at least 5 of them online to work. How well are these
|
|
monitored? It sounds like people identify very quickly if a directory
|
|
monitored? It sounds like people identify very quickly if a directory
|
... | @@ -160,7 +160,7 @@ testnet, but with a lot of work. |
... | @@ -160,7 +160,7 @@ testnet, but with a lot of work. |
|
Directory authorities should have their keys offline. This is something
|
|
Directory authorities should have their keys offline. This is something
|
|
the directory authority people should talk about.
|
|
the directory authority people should talk about.
|
|
|
|
|
|
=== History in the org ===
|
|
### History in the org
|
|
|
|
|
|
We haven't documented very well when things happened historically to
|
|
We haven't documented very well when things happened historically to
|
|
TPO.
|
|
TPO.
|
... | @@ -177,7 +177,7 @@ over a summer to write down the oral history of Tor? It is mentioned |
... | @@ -177,7 +177,7 @@ over a summer to write down the oral history of Tor? It is mentioned |
|
that the person shouldn't be too "journalist'y". Benjamin Mako Hill
|
|
that the person shouldn't be too "journalist'y". Benjamin Mako Hill
|
|
might know someone here?
|
|
might know someone here?
|
|
|
|
|
|
=== Metrics single point of failures ===
|
|
### Metrics single point of failures
|
|
|
|
|
|
The metrics team used to have some cron jobs that was troublesome.
|
|
The metrics team used to have some cron jobs that was troublesome.
|
|
|
|
|
... | @@ -194,11 +194,11 @@ that they leave the contract might go away by the funder. This is an |
... | @@ -194,11 +194,11 @@ that they leave the contract might go away by the funder. This is an |
|
opportunity for the funder to get out of the contract that they might be
|
|
opportunity for the funder to get out of the contract that they might be
|
|
able to use.
|
|
able to use.
|
|
|
|
|
|
=== Collaborators on projects ===
|
|
### Collaborators on projects
|
|
|
|
|
|
This should be possible to find out by going over Tommy's list.
|
|
This should be possible to find out by going over Tommy's list.
|
|
|
|
|
|
=== Hiring Tor sysadmin ===
|
|
### Hiring Tor sysadmin
|
|
|
|
|
|
This is a problem in that we cannot just send out an open letter to
|
|
This is a problem in that we cannot just send out an open letter to
|
|
hiring people and then give them root on everything.
|
|
hiring people and then give them root on everything.
|
... | @@ -206,17 +206,17 @@ hiring people and then give them root on everything. |
... | @@ -206,17 +206,17 @@ hiring people and then give them root on everything. |
|
Does hiro have access to what she needs? Does she need lower level
|
|
Does hiro have access to what she needs? Does she need lower level
|
|
access to the systems.
|
|
access to the systems.
|
|
|
|
|
|
=== The donation infrastructure ===
|
|
### The donation infrastructure
|
|
|
|
|
|
The donation infrastructure is independent of normal infrastructure (run
|
|
The donation infrastructure is independent of normal infrastructure (run
|
|
by people outside of Tor). We are unsure about the administration of
|
|
by people outside of Tor). We are unsure about the administration of
|
|
this. Giant Rabbit is running the service.
|
|
this. Giant Rabbit is running the service.
|
|
|
|
|
|
=== Board bottlenecks ===
|
|
### Board bottlenecks
|
|
|
|
|
|
We do not believe we have any board bottlenecks.
|
|
We do not believe we have any board bottlenecks.
|
|
|
|
|
|
=== What happens if the ED leaves ===
|
|
### What happens if the ED leaves
|
|
|
|
|
|
We would go to brad and ewyatt and ask them for what to do?
|
|
We would go to brad and ewyatt and ask them for what to do?
|
|
|
|
|
... | @@ -225,7 +225,7 @@ What about relationships? |
... | @@ -225,7 +225,7 @@ What about relationships? |
|
Who knows where these x amount of USD is now since they are not in our
|
|
Who knows where these x amount of USD is now since they are not in our
|
|
bank account?
|
|
bank account?
|
|
|
|
|
|
=== Social bottlenecks ===
|
|
### Social bottlenecks
|
|
|
|
|
|
We need to be sure that if key employee leaves that things are passed on
|
|
We need to be sure that if key employee leaves that things are passed on
|
|
to the rest of the team.
|
|
to the rest of the team.
|
... | @@ -233,7 +233,7 @@ to the rest of the team. |
... | @@ -233,7 +233,7 @@ to the rest of the team. |
|
We should go over the vegas team and see how much $stuff they have and
|
|
We should go over the vegas team and see how much $stuff they have and
|
|
what knowledge they have that might not be shared.
|
|
what knowledge they have that might not be shared.
|
|
|
|
|
|
=== Torservers.net ===
|
|
### Torservers.net
|
|
|
|
|
|
If Moritz disappears what happens here? Juris and qbi are the backup persons.
|
|
If Moritz disappears what happens here? Juris and qbi are the backup persons.
|
|
Colin is helping out.
|
|
Colin is helping out.
|
... | @@ -241,13 +241,13 @@ Colin is helping out. |
... | @@ -241,13 +241,13 @@ Colin is helping out. |
|
We discuss the structure and mechanisms around torservers.net, how money
|
|
We discuss the structure and mechanisms around torservers.net, how money
|
|
flows to country-based NFP orgs that runs relays.
|
|
flows to country-based NFP orgs that runs relays.
|
|
|
|
|
|
=== How do we handle an attack? ===
|
|
### How do we handle an attack?
|
|
|
|
|
|
- Ensure we have two people that is able to do the work.
|
|
- Ensure we have two people that is able to do the work.
|
|
- Ensure that the two independent people is able to verify the work at
|
|
- Ensure that the two independent people is able to verify the work at
|
|
different times.
|
|
different times.
|
|
|
|
|
|
=== Physical documentation storage ===
|
|
### Physical documentation storage
|
|
|
|
|
|
Nick mentions that it is possible to print documents and store them
|
|
Nick mentions that it is possible to print documents and store them
|
|
behind a physical lock.
|
|
behind a physical lock.
|
... | @@ -255,7 +255,7 @@ behind a physical lock. |
... | @@ -255,7 +255,7 @@ behind a physical lock. |
|
Things that we want to store, but never want to look at, is excellent
|
|
Things that we want to store, but never want to look at, is excellent
|
|
for storing on papers.
|
|
for storing on papers.
|
|
|
|
|
|
== Action item ==
|
|
## Action item
|
|
|
|
|
|
|
|
|
|
- We need a better password management solution than the one we have in
|
|
- We need a better password management solution than the one we have in
|
... | | ... | |