[tor-bugs] #32558 [Internal Services/Tor Sysadmin Team]: clarify what happens to email when we retire a user
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 20 21:16:09 UTC 2019
#32558: clarify what happens to email when we retire a user
-----------------------------------------------------+--------------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #32519
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+--------------------
As part of improving the offboarding process (#32519), we should
especially look at how email works.
Right now, when we [https://help.torproject.org/tsa/howto/retire-a-user/
retire a user], their account is first "locked" which means their access
to various services is disabled. But their email still works for 186 days
(~6 months). After that date, in theory, their email aliases start
completely dropping email (needs to be onfirmed).
It's unclear if that's the right policy to follow. Some people feel that
an email alias should stay around forever, as it is an inalienable human
right.
Others feel that certain administrative roles should be forwarded when a
person leave. If, say, "Alice" (fictive name) was doing fundraising but
was using `alice at torproject.org` for that work. When they leave, should we
forward `alice@` to `fundraising at torproject.org`?
But then what if Alice was using their work email for private
correspondance either? Maybe the fundraising team shouldn't be able to see
*those* communications.
One proposal could be that the default policy is this:
1. email @torproject.org is "function" email and is destined only for
torproject.org related work
2. when a person leave their position, that email gets deactivated after
a 6 months delay
3. in extreme cases, some forward may be *temporarily* enabled to reset
accesses or re-establish contacts with a provider or third-party
It is also possible that there could be *two* policies, one for TPI
employees and one for other TPO people.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32558>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list