Proposed changes to the Debian Machine Usage Policy (DMUP)
Hi,
the Debian Project Leader recently asked DSA in his delegation[1] to fix
a flaw in the current version of the DMUP, the fact that expulsions are
DAM's domain, and not our's.
I took the opportunity to also fix some other minor stuff in the current
version of the document. Please note that this is a first draft, not the
final version, which needs to be announced as per delegation to
debian-devel-announce.
Summary of changes: The Debian Systems Administration Team will do
whatever is necessary to keep all machines and services running.
Or to say it with someone else's words from IRC:
"DSA has to look after this crap, so please don't be a dick."
Find attached my proposed changes as commit log, as diff to the current
version and as full text of the new version.
I started mainaining the new version in git on
http://db.debian.org/git/DMUP.git, copied over frequently to
http://git.debian.org/?p=mirror/DMUP.git;a=summary (gitweb frontend).
Cheers,
Martin
[1] http://lists.debian.org/debian-devel-announce/2010/04/msg00016.html
--
Martin Zobel-Helas <zobel@debian.org> | Debian System Administrator
Debian & GNU/Linux Developer | Debian Listmaster
Public key http://zobel.ftbfs.de/5d64f870.asc - KeyID: 5D64 F870
GPG Fingerprint: 5DB3 1301 375A A50F 07E7 302F 493E FB8E 5D64 F870
commit 6fe8c48ea05d8c2f5280aeff330c998b9a103ef7
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 16:24:17 2010 +0200
Better wording for §0
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit f473e656a58efa062b44bca68c6b6d38f9886fd5
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 16:10:09 2010 +0200
expulsions are DAM's domain
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit abcc73391e77840da60a5d9fcee81ec8fb05e1b6
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 15:38:12 2010 +0200
Add a stanza about the intention of this document and DSA
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit 9965a489dcf11d3b0b6182a15b380e5caef19481
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 15:03:55 2010 +0200
s/DSA's/DSA/
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit a704b18213b3ecfa2ac69fef522af9f1f7032d7b
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 14:43:59 2010 +0200
Avoid first/second person wherever possible
commit 84fdb6be7c271fb03a051faee4def6a8f5302535
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 14:31:37 2010 +0200
Move 2.4 to 2.1, as used abbreviations should be mentioned before being used
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit b249343ade59410dd4a2d515b6f70f69d03cd54d
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 13:46:11 2010 +0200
Add a stanza about the version of this document.
Rational: Newer versions need to be announced as per DSA delegation stated
in http://lists.debian.org/debian-devel-announce/2010/04/msg00016.html
We also want that prior versions of that document become invalid when the
new version becomes valid.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
commit eb4a1e7215b535bda6a447d72a7769bf5555c4f7
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 13:33:50 2010 +0200
start new version of DMUP
commit ce85a966ae8e0c3476cc6309a35fbcccabdd90c7
Author: Martin Zobel-Helas <zobel@debian.org>
Date: Sun May 2 13:18:36 2010 +0200
initial version taken from cvs.d.o, Revision 1.7
diff --git a/DMUP b/DMUP
index 73312cf..8aba26e 100644
--- a/DMUP
+++ b/DMUP
@@ -1,10 +1,16 @@
Debian Machine Usage Policies
- Version 1.1.1
+ Version 1.1.2
+ 0. This version of the Debian Machine Usage Policies becomes effective
+ on $DATE1 and supersedes all previous versions. It was announced on
+ $DATE2
1. Introduction
This document describes the policies for using Debian machines
and all rules surrounding those.
In short:
+ + The Debian Systems Administration Team will do whatever is
+ necessary to keep all machines and services working and
+ running in a secure fashion.
+ Don't by any wilful, deliberate, reckless or unlawful act
interfere with the work of another developer or jeopardize the
integrity of data networks, computing equipment, systems
@@ -20,23 +26,24 @@ Debian Machine Usage Policies
guidelines specify rules that may be violated if necessary but we
would rather one did not.
2. General statements
- 1. Privilege
+ 1. Used abbreviations
+ o DSA - Debian Systems Administration Team
+ o DMUP - Debian Machine Usage Policy (this document)
+ o DPL - Debian Project Leader
+ o DAM - Debian Account Managers
+ 2. Privilege
Access to Debian Facilities is a privilege, not a right or a
- commercial service, and we reserve the right to revoke this
+ commercial service, and DSA reserves the right to revoke this
privilege at any time, without prior notice. An explanation
will be given within 48 hours.
- 2. Guarantees
- There is no guarantee of service. Although we will do our best
- to assure that everything functions perfectly, we can't give
+ 3. Guarantees
+ There is no guarantee of service. Although DSA will do it's best
+ to assure that everything functions perfectly, they can't give
any guarantees.
- 3. Privacy
+ 4. Privacy
If necessary to keep machines working properly the DSA is
allowed to edit user files. (for example modifying .forward
files to break mail loops.)
- 4. Used abbreviations
- o DSA - Debian Systems Administration
- o DMUP - Debian Machine Usage Policy (this document)
- o DPL - Debian Project Leader
3. Penalties
If someone violates the rules set in this document they will be
subjected to a penalty. The penalty depends on the number of
@@ -45,20 +52,21 @@ Debian Machine Usage Policies
1. The accounts of the offender will be suspended and access
will not be available.
2. The offender will be required to contact the Debian
- Systems Administration and convince us that there will be
+ Systems Administration and convince DSA that there will be
no further breaches of the DMUP by the offender.
- 3. If the offender fails to contact the DSA within 14 days,
- the account will be terminated and the offender expelled
- from the Debian project. If the offender has announced
- they will be on vacation in this time frame this period
- will be extended with the announced duration of the
- vacation.
+ 3. If the offender fails to contact DSA within 14 days, DSA
+ will propose this account to DAM to be terminated and the
+ offender expelled from the Debian project. If the offender
+ has announced they will be on vacation in this time frame
+ this period will be extended with the announced duration of
+ the vacation.
4. If the offender is expelled from the project they can
register to become a maintainer again after a period of a
month. The offense will remain on record.
2. Second offense
1. The offenders accounts will be suspended immediately and
- the offender expelled from the project.
+ DSA will propose this account to DAM to be terminated
+ immediately.
2. If the offender does not file for an appeal within the
designated time frame the account is terminated.
3. The offender is prohibited from registering as a Debian
@@ -88,10 +96,10 @@ Debian Machine Usage Policies
after a week. Some machines have /scratch partitions
specifically for storing large data sets without fear of
them being erased. If you receive an email notification
- that your homedir is large and that we need more space
- then please promptly take action. The DSA's may find it
- necessary to clean up exceptionally large space users
- without warning.
+ that your homedir is large and that more free space is
+ needed then please promptly take action. The DSA may
+ find it necessary to clean up exceptionally large space
+ users without warning.
Shell:
Please use ssh/scp if at all possible rather than less
@@ -108,10 +116,10 @@ Debian Machine Usage Policies
Processes:
Do not run any long running process without the permission
- of the DSA's. Running servers of any sort (this includes
- IRC bots) without prior permission from the DSA's is also
+ of the DSA. Running servers of any sort (this includes
+ IRC bots) without prior permission from the DSA is also
forbidden. Avoid running processes that are abusive in CPU
- or memory. If necessary the DSA's will reap up such
+ or memory. If necessary the DSA will reap up such
processes without warning.
WWW pages:
@@ -147,7 +155,7 @@ Debian Machine Usage Policies
IMAP, use your ISP's mail server and forwarding. As with
web pages incoming mail is generally encouraged to be of a
Free Software nature or related to the project somehow.
- The DSA's may find it necessary to compress, relocate or
+ The DSA may find it necessary to compress, relocate or
erase mail without warning.
If a Developer becomes unreachable for a prolonged time their
@@ -157,7 +165,7 @@ Debian Machine Usage Policies
abuse. Debian does not have any Usenet news servers. It may be that
some of the Debian machines have access to such a news server, but
their use through Debian machines is strictly forbidden.
- Examples of what we consider net abuse:
+ Examples of what DSA considers net abuse:
+ Chain Letters and Ponzi Pyramid-Selling Schemes
Such messages work (or rather, don't work) in much the same
way as their paper-based cousins. The most common example of
Debian Machine Usage Policies
Version 1.1.2
0. This version of the Debian Machine Usage Policies becomes effective
on $DATE1 and supersedes all previous versions. It was announced on
$DATE2
1. Introduction
This document describes the policies for using Debian machines
and all rules surrounding those.
In short:
+ The Debian Systems Administration Team will do whatever is
necessary to keep all machines and services working and
running in a secure fashion.
+ Don't by any wilful, deliberate, reckless or unlawful act
interfere with the work of another developer or jeopardize the
integrity of data networks, computing equipment, systems
programs, or other stored information.
+ Don't use Debian Facilities for private financial gain or for
commercial purposes, including consultancy or any other work
outside the scope of official duties or functions for the time
being, without specific authorization to do so.
+ Don't use Debian Facilities for unlawful activities,
including, but not limited to, software piracy.
This document contains two parts: policies and guidelines. The
rules in the policies are binding and may not be violated. The
guidelines specify rules that may be violated if necessary but we
would rather one did not.
2. General statements
1. Used abbreviations
o DSA - Debian Systems Administration Team
o DMUP - Debian Machine Usage Policy (this document)
o DPL - Debian Project Leader
o DAM - Debian Account Managers
2. Privilege
Access to Debian Facilities is a privilege, not a right or a
commercial service, and DSA reserves the right to revoke this
privilege at any time, without prior notice. An explanation
will be given within 48 hours.
3. Guarantees
There is no guarantee of service. Although DSA will do it's best
to assure that everything functions perfectly, they can't give
any guarantees.
4. Privacy
If necessary to keep machines working properly the DSA is
allowed to edit user files. (for example modifying .forward
files to break mail loops.)
3. Penalties
If someone violates the rules set in this document they will be
subjected to a penalty. The penalty depends on the number of
previous violations and the offense involved.
1. First offense
1. The accounts of the offender will be suspended and access
will not be available.
2. The offender will be required to contact the Debian
Systems Administration and convince DSA that there will be
no further breaches of the DMUP by the offender.
3. If the offender fails to contact DSA within 14 days, DSA
will propose this account to DAM to be terminated and the
offender expelled from the Debian project. If the offender
has announced they will be on vacation in this time frame
this period will be extended with the announced duration of
the vacation.
4. If the offender is expelled from the project they can
register to become a maintainer again after a period of a
month. The offense will remain on record.
2. Second offense
1. The offenders accounts will be suspended immediately and
DSA will propose this account to DAM to be terminated
immediately.
2. If the offender does not file for an appeal within the
designated time frame the account is terminated.
3. The offender is prohibited from registering as a Debian
maintainer again.
3. Publication
1. The offense and the penalty will be announced to Debian
developers only.
2. Should it, in the sole opinion of the Debian project
leader, be considered necessary, then a public
announcement will be made. This can include the offenders
identity.
4. Appeal
1. If the offender does not agree with the decision made by
the DSA they can appeal to the developers. This is only
possible in the 14 days directly following the day the
offender was informed of the sentence. This is done using
the procedure as detailed in section 4.2 of the Debian
constitution.
2. During the time the appeal is processed the account will
remain suspended.
4. The policies
This section lists the policies. This list is not and cannot be
inclusive.
Disk usage:
All machines run a /tmp cleanup daemon and expire files
after a week. Some machines have /scratch partitions
specifically for storing large data sets without fear of
them being erased. If you receive an email notification
that your homedir is large and that more free space is
needed then please promptly take action. The DSA may
find it necessary to clean up exceptionally large space
users without warning.
Shell:
Please use ssh/scp if at all possible rather than less
secure alternatives (rsh, telnet or FTP).
Idle connections are killed after an hour; this is easy to
bypass, but please don't do so without good cause.
Mirroring via any private means any portion of the public
archives from the private servers is strictly forbidden
without the prior consent of the residing Mirror Master.
Developers are free to use any publicly available forms of
access.
Processes:
Do not run any long running process without the permission
of the DSA. Running servers of any sort (this includes
IRC bots) without prior permission from the DSA is also
forbidden. Avoid running processes that are abusive in CPU
or memory. If necessary the DSA will reap up such
processes without warning.
WWW pages:
In general, web space on Debian machines is provided for
the purpose of communicating ideas and files related to
the project, or to the Free Software community in general.
Private 'vanity' pages on Debian machines are discouraged.
Commercial web pages are not permitted.
You are responsible for the content of your WWW pages,
including obtaining the legal permission for any works
they include and ensuring that the contents of these pages
do not violate the laws that apply to the location of the
server.
You are responsible for and accept responsibility for any
defamatory, confidential, secret or other proprietary
material available via your WWW pages.
You may not advertise your WWW pages, or cause another
person to advertise it, by techniques that would be
classified as abuse if they were carried out from a Debian
Account. This includes, but is not limited to, bulk
emailing and excessive news posting. Such action may be
treated under the appropriate DMUP as if it had been done
from the Account, or as a violation of this DMUP or both.
Mail/News:
Using Debian machines for reading mail is OK, please
choose a lightly loaded machine [ie not master]. We do not
support the use of mail download methods such as POP or
IMAP, use your ISP's mail server and forwarding. As with
web pages incoming mail is generally encouraged to be of a
Free Software nature or related to the project somehow.
The DSA may find it necessary to compress, relocate or
erase mail without warning.
If a Developer becomes unreachable for a prolonged time their
accounts, data and mail forwarding/filtering/etc may be disabled
until they reappear.
Don't use Debian facilities in a manner which constitutes net
abuse. Debian does not have any Usenet news servers. It may be that
some of the Debian machines have access to such a news server, but
their use through Debian machines is strictly forbidden.
Examples of what DSA considers net abuse:
+ Chain Letters and Ponzi Pyramid-Selling Schemes
Such messages work (or rather, don't work) in much the same
way as their paper-based cousins. The most common example of
this in email is MAKE-MONEY-FAST. In addition to being a waste
of resources, such messages are illegal in certain countries.
+ Unsolicited Commercial Email (UCE)
Unsolicited Commercial Email is advertising material received
by email without the recipient either requesting such
information or otherwise expressing an interest in the
material advertised.
Since many Internet users use a dial-up connection and pay for
their online time, it costs them money to receive email.
Receipt of unsolicited commercial advertising therefore costs
them money and is particularly unwelcome.
It should be noted that a user has not expressed an interest
by the mere act of posting a news article in any particular
newsgroup, unless of course they have made a specific request
for information to be emailed to them.
+ Unsolicited Bulk Email (UBE)
Similar to the above UCE but not attempting to sell anything.
Its sole purpose is usually to annoy.
+ Forged headers and / or Addresses
Forging headers or messages means sending mail such that its
origin appears to be another user or machine, or a
non-existent machine.
It is also forgery to arrange for any replies to the mail to
be sent to some other user or machine.
However, in either case, if prior permission has been granted
to you by the other user or the administrators of the other
machine, then there is no problem, and of course "null"
reverse paths can be used as defined in the relevant RFCs.
+ Mail Bombing
Mail bombing is the sending of multiple emails, or one large
email, with the sole intent of annoying and / or seeking
revenge on a fellow Internet user. It is wasteful of shared
Internet resource as well as serving no value to the
recipient.
Due to the time taken to download it, sending long email to
sites without prior agreement can amount to denial of service,
or access to email at the receiving site. Note that if binary
attachments are added to mail this may increase the size
considerably. If prior arrangement has not been made, the mail
will be extremely unwelcome.
+ Denial of Service attacks
Denial of Service is any activity designed to prevent a
specific host on the Internet making full and effective use of
their facilities. This includes, but is not limited to:
o Mail bombing an address in such a way to make their
Internet access impossible, difficult, or costly.
o Opening an excessive number of mail connections to the
same host.
o Intentionally sending email designed to damage the
receiver's systems when interpreted; for example, sending
malicious programs or viruses attached to an email.
o Using a smarthost or SMTP relay without authorization to
do so.
+ Mailing List Subscriptions
You must not subscribe anyone, other than a user on your own
host, to a mail list or similar service without their
permission.
+ Illegal Content
You must not send via email any item which it is illegal to
send or possess.
+ Breach of Copyright or Intellectual Property
You must not send (via email) or post Copyright material or
Intellectual Property unless you have permission to do so.
+ Binary Postings to non-Binary Groups
Outside of the alt.binaries... and alt.pictures... newsgroup
hierarchies, the posting of encoded binary data is considered
most unwelcome. The majority of Usenet sites and readers do
not have the capability for selective transmission of articles
(kill-filing) and such posts can result in a significant
amount of resources being tied up and wasted in the
transmission process, and as such can be considered as a
denial of service attack on multiple recipients. [Example]
+ Excessive Cross-Posting
Simply put, this form of unacceptable behavior occurs when the
same article is cross-posted to a large number of unrelated
newsgroups.
+ Excessive Multi-Posting
Simply put, this form of unacceptable behavior occurs when a
substantively similar (perhaps differing only in Subject
header) article is posted to a large number of unrelated
newsgroups.
Reply to: