Clarify admin & FPF roles and responsibilities; services #206
Conversation
There was a problem hiding this comment.
Some comments inline. Once they are resolved, good to merge from my perspective, after review from @rocodes or @zenmonkeykstop
docs/admin.rst
Outdated
|
|
||
| * :ref:`manage users <manage_users>` | ||
| * :ref:`manage the system configuration <manage_config>` | ||
| * :ref:`ensure that servers and workstations are kept up-to-date <manage_updates>` |
docs/admin.rst
Outdated
|
|
||
| .. note:: | ||
|
|
||
| Freedom of the Press Foundation does not offer systems administration, |
There was a problem hiding this comment.
I would lead this with something like
The org hosting SecureDrop owns and operates their own instances
There was a problem hiding this comment.
Used similar language in 69eac63
docs/admin.rst
Outdated
| portal. | ||
|
|
||
| In rare circumstances, we may provide signed patches to impacted SecureDrop | ||
| instances to allow for immediate resolution of a security incident or a technical |
There was a problem hiding this comment.
For security incidents we will likely issue a release, I would say something
On extremely rare occasion when a fix is extremely time sensitive, we may provide signed patches to impacted SecureDrop instances to allow for immediate resolution
There was a problem hiding this comment.
Reworded consistent with the above in 69eac63
docs/admin.rst
Outdated
| In rare circumstances, we may provide signed patches to impacted SecureDrop | ||
| instances to allow for immediate resolution of a security incident or a technical | ||
| issue. Even in these cases, we ask that you never install code provided to you | ||
| that is not signed using the current `SecureDrop release key <http://securedrop.org/securedrop-release-key.asc>`__. |
There was a problem hiding this comment.
Also a line stating if there's a bug with the system, to reach out to us to inform us (since others can have the same issue) and to avoid using guidance that is not SecureDrop-specific or not from a source that is vetted by us as it can interfere or may introduce security risks.
There was a problem hiding this comment.
Added language that covers reporting bugs and avoiding unvetted docs when in doubt (didn't want to discourage peer support via forums etc., so trying to strike a balance) in 69eac63
| * :ref:`manage users <manage_users>` | ||
| * :ref:`manage the system configuration <manage_config>` | ||
| * :ref:`ensure that servers and workstations are kept up-to-date <manage_updates>` | ||
| * :ref:`monitor OSSEC alerts <monitoring_ossec>` |
There was a problem hiding this comment.
created a separate bullet for this in 69eac63, we may want to flesh out instructions for monitoring/applying firmware updates
| * :ref:`manage the system configuration <manage_config>` | ||
| * :ref:`ensure that servers and workstations are kept up-to-date <manage_updates>` | ||
| * :ref:`monitor OSSEC alerts <monitoring_ossec>` | ||
| * :ref:`monitor the SecureDrop team's release and security-related |
There was a problem hiding this comment.
added in 69eac63 (this may not be the admin's direct responsibility, so used "ensure" wording)
Status
Ready for review
Description of Changes
Resolves #200
Resolves #203
Checklist (Optional)
make docs-lint) passed locallymake docs-linkcheck) passedmake docs) docs at http://localhost:8000