[hm] policy workshop invitation
maxigas en anargeek.net
Sab Mar 23 13:29:02 CET 2013
Call for radical technology collectives / activist sysadmins to document best practices and talk about interoperability, visibility, education, etc. Please forward to who it may concern! Thanks and hopefully we get a translation soon.
## Practical Details
* **Audience**: system administration knowledge is required
* **Time**: April 3rd (Wednesday), 19:00 until late
* **Place**: [La Otra Carboneria], Al carrer Urgell nº 30, cantonada amb Floridablanca, <M> Urgell L2
* **Brought to you by**: [HackTheNight]
# Documentation hackathon on the Providers’ Commitment for Privacy (PCP)
Policy Website → https://policy.sarava.org/
## About The Policy
Providers’ Commitment for Privacy, or The Policy for short, is a set of security configuration requirements for activist servers. It covers some of the most common aspects of operating systems and services, like Storage, Logs, Backups, Mail, etc. For each aspect it defines three levels of commitment: Level 1, Level 2 and Level 3. It is written in a more or less technologically agnostic language. We encourage its adoption by radical technology collectives for a number of reasons:
: Through adopting and developing the policy, radical system administrators can learn from each other. New collectives can more easily develop their technologies to the level of established political providers. Working on The Policy motivates system adminstrators to improve their services and get to new levels.
: If providers publish their compliance levels on their websites, users can see the difference between political providers and commercial providers more clearly. They can become aware of issues and appreciate the efforts of system administrators more. Finally, users can make more informed decisions about which providers to rely on for a particular operation.
: Through using and debating the policy, radical technology collectives can achieve a level of consistency in the configuration of the services they offer. This enables more effective networking and solidarity between providers. This process can lead to the realisation of mistakes in the configuration or improvements to services.
Ironically, The Policy could become similar to a Quality Assurance system like ISO 9000, except that it would never become a Quality Control system, since the level of compliance is self-declared and there is no external audition. Users should trust the declared compliance level of their service providers to the same degree they trust the service these groups are providing. There is no technical replacement for trust.
The Policy Text → https://policy.sarava.org/policy/
## About the Best Practices
The Policy is supplemented by another document called Best Practices. While the policy itself is written in a more or less technologically neutral langauge, the Best Practices describes how to implement the necessary configuration for each aspect and level on particular systems and environments. For example when The Policy requires to strip user IP addresses from outgoing mails, the Best Practices should show how to achieve this on a `FreeBSD` operating system running the `exim4` mail transfer agent.
Best Practices document → https://policy.sarava.org/best_practices/
## Workshop Goals
The focus of the workshop is not to improve The Policy as such. The primary mission is to improve the documentation in the Best Practices document. The secondary mission is to promote the policy and its adoption in various ways.
* Imrove the Best Practices document about how to implement The Policy on various concrete technical environments (programs, operating sytems, etc.).
* Work on the adoption of the policy by various radical technology collectives.
* Translate The Policy to Spanish, Català, Euskara, etc.
* Graphics design and promotion materials for improving the presentation of the policy.
The Policy website is implemented in [Ikiwiki], so many people can work on it at the same time and commit their changes through [Git], or edit the website as a wiki.
[Policy Website]: https://policy.sarava.org/
[La Otra Carboneria]: http://laotracarboneria.net/
[Best Practices document]: https://policy.sarava.org/best_practices/
[The Policy Text]: https://policy.sarava.org/policy/
* * |metatron
* * |research
* * |unit
FA00 8129 13E9 2617 C614 0901 7879 63BC 287E D166
Más información sobre la lista de distribución HackMeeting