policy.md

Policies

The policies below document major architectural decisions taken in the history of the team. This process is similar to the Network Team Meta Policy. More details of the process is available in the first policy, tpa-rfc-1-policy.

To add a new policy, create the page using the template and add it to the above list. See the Writing a TPA-RFC section if you're wondering how to write a policy document or if you should.

To pick a new RFC number, you can look at the directory listing, try to figure out which is the next number here, or, if you have a copy of the Git repository for this wiki, run the command:

./bin/check-links.py -v

Draft

• TPA-RFC-3: tools
• TPA-RFC-11: SVN retirement
• TPA-RFC-17: Disaster recovery
• TPA-RFC-18: Security policy
• TPA-RFC-37: Lektor replacement
• TPA-RFC-38: Setting Up a Wiki Service
• TPA-RFC-45: Mail architecture
• TPA-RFC-47: Email account retirement
• TPA-RFC-66: Migrate to Gitlab Ultimate Edition
• TPA-RFC-80: Debian trixie upgrade schedule

Proposed

• TPA-RFC-77: Puppet merge
• TPA-RFC-78: Dangerzone retirement
• TPA-RFC-79: General merge request workflows

Standard

• TPA-RFC-1: RFC process
• TPA-RFC-2: Support
• TPA-RFC-5: GitLab migration
• TPA-RFC-6: Naming Convention
• TPA-RFC-7: root access
• TPA-RFC-8: GitLab CI libvirt exception
• TPA-RFC-14: GitLab artifacts expiry
• TPA-RFC-19: GitLab labels
• TPA-RFC-22: rename TPA IRC channel and Matrix bridge
• TPA-RFC-24: Extend merge permissions for web projects
• TPA-RFC-26: LimeSurvey upgrade
• TPA-RFC-27: Python 2 end of life
• TPA-RFC-30: Changing how lego plugins are used
• TPA-RFC-32: Nextcloud root-level shared folders migration
• TPA-RFC-33: Monitoring
• TPA-RFC-36: Gitolite, GitWeb retirement
• TPA-RFC-39: Nextcloud account policy
• TPA-RFC-44: Email emergency recovery, phase A
• TPA-RFC-46: GitLab 2FA
• TPA-RFC-48: Enable new GitLab Web IDE
• TPA-RFC-50: private GitLab pages
• TPA-RFC-51: Improve l10n review ci workflow
• TPA-RFC-55: Swap file policy
• TPA-RFC-56: large file storage
• TPA-RFC-58: Podman CI runner deployment, help needed
• TPA-RFC-59: ssh jump host aliases
• TPA-RFC-60: GitLab 2-factor authentication enforcement
• TPA-RFC-62: TPA password manager
• TPA-RFC-63: Storage server budget
• TPA-RFC-64: Puppet TLS certificates
• TPA-RFC-65: PostgreSQL backups
• TPA-RFC-68: Idle canary servers
• TPA-RFC-69: switch to HTTP basic auth on CiviCRM server
• TPA-RFC-70: Move Tails sysadmin issues
• TPA-RFC-71: Emergency email deployments, phase B
• TPA-RFC-73: Tails infra merge roadmap
• TPA-RFC-74: GitLab CI retention policy
• TPA-RFC-76: Puppet Merge request workflow

Rejected

• TPA-RFC-15: Email services (replaced with TPA-RFC-31)
• TPA-RFC-16: Replacing lektor-i18n-plugin (put on hold while we consider the Lektor replacement in TPA-RFC-37)
• TPA-RFC-25: BTCpay replacement
• TPA-RFC-29: Lektor SCSS Plugin
• TPA-RFC-31: outsource email services (in favor of TPA-RFC-44 and following)
• TPA-RFC-41: Schleuder retirement (kept for the community council)

Obsolete

• TPA-RFC-4: Prometheus disk space change (one-time change)
• TPA-RFC-9: "proposed" status and small process changes (merged in TPA-RFC-1)
• TPA-RFC-10: Jenkins retirement (one-time change)
• TPA-RFC-12: triage and office hours (merged in TPA-RFC-2)
• TPA-RFC-13: Use OKRs for the 2022 roadmap (2022 past, OKRs not used in 2023)
• TPA-RFC-20: bullseye upgrade schedule (one-time change)
• TPA-RFC-21: uninstall SVN (one-time change)
• TPA-RFC-23: retire ipv6only.torproject.net (one-time change)
• TPA-RFC-28: Alphabetical triage star of the week (merged in TPA-RFC-2)
• TPA-RFC-34: End of office hours (merged in TPA-RFC-2)
• TPA-RFC-35: GitLab email address changes (one-time change)
• TPA-RFC-40: Cymru migration budget (replaced by TPA-RFC-43)
• TPA-RFC-42: 2023 roadmap (recurring proposal)
• TPA-RFC-43: Cymru migration plan (one-time change)
• TPA-RFC-49: document the ganeti naming convention (modified TPA-RFC-6)
• TPA-RFC-52: Cymru migration timeline (one-time change)
• TPA-RFC-53: Security keys give away (one-time change)
• TPA-RFC-54: build boxes retirement (one-time change)
• TPA-RFC-57: Debian bookworm upgrade schedule
• TPA-RFC-61: 2024 roadmap (recurring proposal)
• TPA-RFC-67: Retire mini-nag (one-time change)
• TPA-RFC-72: Migrate donate-01 to gnt-dal cluster (one-time change)
• TPA-RFC-75: new office hours (merged in TPA-RFC-2)