Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • B blog
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 7
    • Issues 7
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Web
  • blog
  • Issues
  • #33109
Closed
Open
Created Jan 30, 2020 by Roger Dingledine@armaMaintainer

Make (and then use) a blog account policy

We have a bunch of old accounts on the blog, and for basic security hygiene, we should clean them up.

Even better, let's take this chance to develop, and post somewhere, a policy for who should be able to have a blog account, and when we'll disable them due to inactivity or etc.

Here is a proposed start to such a policy:

  • Any Tor Core Contributor can get a blog account, and it can stay active as long as they remain a core contributor.

    https://gitweb.torproject.org/community/policies.git/tree/membership.txt

  • We encourage everybody with an active blog account to do blog posts. Before you post, please work with the comms team to make sure the timing and content are best. [replace this short text with the longer text from steph's comment below]

  • To limit security surface area, we will disable accounts that haven't logged in during the past n months. Accounts can always be re-enabled when people want to use them again.

    (I suggest n=18 months. We should specify some avenue for how to request the account in the first place, and for how to request re-enabling.)

  • Posters should be aware of, and follow, our blog comment moderation strategy:

    https://trac.torproject.org/projects/tor/wiki/doc/community/blog-comment-policy

  • We encourage guest posts from the broader community about topics that are important to Tor and Tor users. The best way to arrange a guest post is to get an existing Core Contributor to vouch for the guest, and then depending on the situation, either the core person will post it, or we'll make a blog account for the guest.

Assignee
Assign to
Time tracking