Opened 6 months ago

Last modified 3 months ago

#33109 assigned task

Make (and then use) a blog account policy

Reported by: arma Owned by: ggus
Priority: Medium Milestone:
Component: Webpages/Blog Version:
Severity: Normal Keywords:
Cc: stephw, hiro, jnewsome Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arma)

We have a bunch of old accounts on the blog, and for basic security hygiene, we should clean them up.

Even better, let's take this chance to develop, and post somewhere, a policy for who should be able to have a blog account, and when we'll disable them due to inactivity or etc.

Here is a proposed start to such a policy:

  • Any Tor Core Contributor can get a blog account, and it can stay active as long as they remain a core contributor.

https://gitweb.torproject.org/community/policies.git/tree/membership.txt

  • We encourage everybody with an active blog account to do blog posts. Before you post, please work with the comms team to make sure the timing and content are best. [replace this short text with the longer text from steph's comment below]
  • To limit security surface area, we will disable accounts that haven't logged in during the past n months. Accounts can always be re-enabled when people want to use them again.

(I suggest n=18 months. We should specify some avenue for how to request the account in the first place, and for how to request re-enabling.)

  • Posters should be aware of, and follow, our blog comment moderation strategy:

https://trac.torproject.org/projects/tor/wiki/doc/community/blog-comment-policy

  • We encourage guest posts from the broader community about topics that are important to Tor and Tor users. The best way to arrange a guest post is to get an existing Core Contributor to vouch for the guest, and then depending on the situation, either the core person will post it, or we'll make a blog account for the guest.

Child Tickets

Change History (7)

comment:1 Changed 6 months ago by steph

Comms team page in progress: https://trac.torproject.org/projects/tor/wiki/org/teams/CommunicationsTeam

We encourage everybody with an active blog account to do blog posts. Tor is a very visible organization, and we want to make sure all content aligns with our values and mission, so posts must be coordinated with the communications team. Before writing a post, please work with the comms team to make sure the timing and content are best. At minimum, comms should be given at 3 least days to review and finalize a post. Some posts may take longer or may be out of scope for our blog, so it is best to reach out to comms when you have an idea to talk through content, structure, and timing.

comment:2 Changed 6 months ago by arma

Awesome. That is a great replacement text for bullet point 2.

comment:3 Changed 6 months ago by arma

Gus, I'm letting you lead this one if you want. :) Let me know if that's a poor idea and I should drive it.

I'm hoping the policy will be uncontroversial, since we're just trying to capture what we're doing now.

Three next steps:

(A) Think about who else are the main blog constituents, to make sure we check with them to see if they have any improvements or clarifications to make. Maybe checking with Steph is enough, and we're all set there, and the next step is to show the rest of the community the draft proposal (e.g. with a mail to tor-project@) and give them a timeframe for comments / fixes / suggestions and then we're done?

(B) Figure out where to post this policy. We could put it on trac, alongside the comment moderation policy. But ultimately we want space on an actual official Tor website for this policy, plus probably for the comment moderation one too.

(C) Figure out how best to "disable" an account. Some blog accounts are disabled currently by removing the Blogger capability from them. Others are disabled by taking away the 'active' flag. Maybe we even deleted some others. We should get some consistency on what we do to disable an account -- I bet hiro would have a good opinion there.

comment:4 Changed 6 months ago by arma

Description: modified (diff)

comment:5 Changed 6 months ago by pili

Cc: hiro added

At some point in the not too distant future (currently planned to start in March) we will move the blog to a static site using lektor. When this happens, I don't think we'll have the concept of user blog accounts anymore.

This means that this policy may become obsolete quite quickly :)

comment:6 in reply to:  5 Changed 3 months ago by anarcat

Replying to pili:

At some point in the not too distant future (currently planned to start in March) we will move the blog to a static site using lektor. When this happens, I don't think we'll have the concept of user blog accounts anymore.

This means that this policy may become obsolete quite quickly :)

I also hope that we move to a static site soon, but I think a policy will still be relevant: it will determine who has push (or merge?) access to the git repository! It will need to change to document the review workflow, of course, but I don't think it's a completely wasted effort.

comment:7 Changed 3 months ago by jnewsome

Cc: jnewsome added
Note: See TracTickets for help on using tickets.