Make (and then use) a blog account policy
We have a bunch of old accounts on the blog, and for basic security hygiene, we should clean them up.
Even better, let's take this chance to develop, and post somewhere, a policy for who should be able to have a blog account, and when we'll disable them due to inactivity or etc.
Here is a proposed start to such a policy:
-
Any Tor Core Contributor can get a blog account, and it can stay active as long as they remain a core contributor.
https://gitweb.torproject.org/community/policies.git/tree/membership.txt
-
We encourage everybody with an active blog account to do blog posts. Before you post, please work with the comms team to make sure the timing and content are best. [replace this short text with the longer text from steph's comment below]
-
To limit security surface area, we will disable accounts that haven't logged in during the past n months. Accounts can always be re-enabled when people want to use them again.
(I suggest n=18 months. We should specify some avenue for how to request the account in the first place, and for how to request re-enabling.)
-
Posters should be aware of, and follow, our blog comment moderation strategy:
https://trac.torproject.org/projects/tor/wiki/doc/community/blog-comment-policy
-
We encourage guest posts from the broader community about topics that are important to Tor and Tor users. The best way to arrange a guest post is to get an existing Core Contributor to vouch for the guest, and then depending on the situation, either the core person will post it, or we'll make a blog account for the guest.