[tor-bugs] #32273 [Internal Services/Services Admin Team]: archive private information from SVN
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 24 19:10:34 UTC 2019
#32273: archive private information from SVN
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: (none)
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Services Admin | Version:
Team |
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #17202 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by anarcat):
one thing we need to clarify here is what the requirements are. it seems
we want:
* '''permanence''' - there should be '''backups''' and no data loss in
the event of an attack or hardware failure
* '''archival''' - old data should eventually be '''pruned''', for
example personal information about past employees should not be kept
forever, financial records can be destroyed after some legal limit, etc.
* '''privilege separation''' - some of the stuff is '''private''' from
the public, or even to tor-internal members. we need to clearly define
what those boundaries are and are strongly they need to be (e.g. are
Nextcloud circles sufficient? can we put stuff on Google Docs? what about
share.riseup.net or pad.riseup.net? etc)
I might be missing some things here of course, would be glad to expand on
those.
This is of course a wider problem than just SVN, and that should be part
of a wider audit affecting also external services (hinted above in the
Google Docs reference). But this ticket is mostly about SVN, because we
have been trying to turn off that server for four years now and we have to
start with something.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32273#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list