1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
|
#use wml::debian::template title="Debian Machine Usage Policies" NOHEADER=yes
<h2>Debian Machine Usage Policies</h2>
<p>
Version 1.1.2<br>
This version of the Debian Machine Usage Policies becomes effective on
July 4th, 2010 and supersedes all previous <a
href="dmup.1.1.1">versions</a>. It was <a
href="https://lists.debian.org/debian-devel-announce/2010/05/msg00001.html">announced
on May 9th, 2010</a>.</p>
<ol>
<li><strong>Introduction</strong><br>
This document describes the policies for using
<a href="https://db.debian.org/machines.cgi">Debian machines</a> and
all rules surrounding those.
<p>In short:
<ul>
<li>The Debian Systems Administration Team will do whatever is necessary
to keep all machines and services working and running in a secure
fashion.
<li>Don't by any wilful, deliberate, reckless or unlawful act interfere
with the work of another developer or jeopardize the integrity of data
networks, computing equipment, systems programs, or other stored
information.
<li>Don't use Debian Facilities for private financial gain or for
commercial purposes, including consultancy or any other work outside
the scope of official duties or functions for the time being, without
specific authorization to do so.
<li>Don't use Debian Facilities for unlawful activities, including, but
not limited to, software piracy.
</ul>
<p>This document contains two parts: policies and guidelines. The rules
in the policies are binding and may not be violated. The guidelines
specify rules that may be violated if necessary but we would rather
one did not.
<li><strong>General statements</strong><br>
<ol>
<li> Used abbreviations<br>
<ul>
<li>DSA - Debian Systems Administration
<li>DMUP - Debian Machine Usage Policy (this document)
<li>DPL - Debian Project Leader
<li>DAM - Debian Account Managers
</ul>
<li> Privilege<br>
Access to Debian Facilities is a privilege, not a right or a
commercial service, and DSA reserves the right to revoke this privilege
at any time, without prior notice. An explanation will be given within
48 hours.
<li> Guarantees<br>
There is no guarantee of service. Although DSA will do its best to assure
that everything functions perfectly, they can't give any guarantees.
<li> Privacy<br>
If necessary to keep machines working properly the DSA is allowed to edit
user files. (for example modifying .forward files to break mail loops.)
</ol>
<li><strong>Penalties</strong><br>
If someone violates the rules set in this document they will be subjected
to a penalty. The penalty depends on the number of previous violations
and the offense involved.
<ol>
<li> First offense<br>
<ol>
<li>The accounts of the offender will be suspended and access will
not be available.
<li>The offender will be required to contact DSA and convince them
that there will be no further breaches of the DMUP by the offender.
<li>If the offender fails to contact DSA within 14 days, DSA
will suspend the corresponding account and propose to DAM the
expulsion of the offender from the Debian project. If the offender
has announced they will be on vacation in this time frame,
this period will be extended with the announced duration of
the vacation.
<li>If the offender is expelled from the project they can register to become
a maintainer again after a period of a month. The offense will remain
on record.
</ol>
<li> Second offense<br>
<ol>
<li>The offender's accounts will be suspended immediately and
DSA will propose to DAM the expulsion of the offender from
the Debian project.
<li>If the offender does not file for an appeal within the designated
time frame the account is terminated.
</ol>
<li> Publication<br>
<ol>
<li>The offense and the penalty will be announced to Debian developers only.
<li>Should it, in the sole opinion of the Debian project leader, be considered
necessary, then a public announcement will be made. This can include
the offender's identity.
</ol>
<li> Appeal<br>
<ol>
<li>If the offender does not agree with the decision made by DSA they
can appeal to the developers. This is only possible in the 14 days directly
following the day the offender was informed of the sentence. This is
done using the procedure as detailed in section 4.2 of the Debian
constitution.
<li>During the time the appeal is processed the account will remain suspended.
</ol>
</ol>
<li><strong>The policies</strong><br>
This section lists the policies. This list is not and cannot be comprehensive.
<dl>
<dt>Disk usage:
<dd>All machines run a /tmp cleanup daemon and expire files after a week.
Some machines have /scratch partitions specifically for storing large
data sets without fear of them being erased. If you receive an email
notification that your homedir is large and that more free space is
needed then please promptly take action. DSA may find it necessary to
clean up without warning.
<dt>Shell:
<dd>Please use ssh/scp if at all possible rather than less secure alternatives
(rsh, telnet or FTP).
<p>Idle connections are killed after an hour; this is easy to bypass,
but please don't do so without good cause.
<p>Mirroring via any private means any portion of the public archives from
the private servers is strictly forbidden without the prior consent of the
residing Mirror Master. Developers are free to use any publicly available
forms of access.
<dt>Processes:
<dd>Do not run any long running process without the permission of DSA.
Running servers of any sort (this includes IRC bots) without prior
permission from DSA is also forbidden. Avoid running processes that are
abusive in CPU or memory. If necessary DSA will clean up such processes
without warning.
<dt>WWW pages:
<dd>In general, web space on Debian machines is provided for the purpose of
communicating ideas and files related to the project, or to the Free
Software community in general. Private 'vanity' pages on Debian machines
are discouraged.
<p>Commercial web pages are not permitted.
<p>You are responsible for the content of your WWW pages, including
obtaining the legal permission for any works they include and ensuring
that the contents of these pages do not violate the laws that apply to
the location of the server.
<p>You are responsible for and accept responsibility for any defamatory,
confidential, secret or other proprietary material available via your
WWW pages.
<p>You may not advertise your WWW pages, or cause another person to
advertise it, by techniques that would be classified as abuse if they
were carried out from a Debian Account. This includes, but is not
limited to, bulk emailing and excessive news posting. Such action may
be treated under the appropriate DMUP as if it had been done from the
Account, or as a violation of this DMUP or both.
<dt>Mail/News:
<dd>Using Debian machines for reading mail is OK, please choose a
lightly loaded machine. We do not support the use of mail download
methods such as POP or IMAP, use your ISP's mail server and forwarding.
As with web pages incoming mail is generally encouraged to be of a Free
Software nature or related to the project somehow. DSA may find it
necessary to compress, relocate or erase mail without warning.
</dl>
<p>If a Developer becomes unreachable for a prolonged time, their
accounts, data and mail forwarding/filtering/etc may be disabled until
they reappear.
<p>Don't use Debian facilities in a manner which constitutes net abuse.
Debian does not have any Usenet news servers. It may be that some of the
Debian machines have access to such a news server, but their use through
Debian machines is strictly forbidden.
<p>Examples of what DSA considers net abuse:
<ul>
<li><em>Chain Letters and Ponzi Pyramid-Selling Schemes</em><br>
Such messages work (or rather, don't work) in much the same
way as their paper-based cousins. The most common example of
this in email is MAKE-MONEY-FAST. In addition to being a
waste of resources, such messages are illegal in certain
countries.
<li><em>Unsolicited Commercial Email (UCE)</em><br>
Unsolicited Commercial Email is advertising material
received by email without the recipient either requesting
such information or otherwise expressing an interest in the
material advertised.
<p>Since many Internet users use a dial-up connection and pay
for their online time, it costs them money to receive
email. Receipt of unsolicited commercial advertising
therefore costs them money and is particularly unwelcome.
<p>It should be noted that a user has not expressed an interest
by the mere act of posting a news article in any particular
newsgroup, unless of course they have made a specific
request for information to be emailed to them.
<li><em>Unsolicited Bulk Email (UBE)</em><br>
Similar to the above UCE but not attempting to sell
anything. Its sole purpose is usually to annoy.
<li><em>Forged headers and / or Addresses</em><br>
Forging headers or messages means sending mail such that its
origin appears to be another user or machine, or a
non-existent machine.
<p>It is also forgery to arrange for any replies to the mail to
be sent to some other user or machine.
<p>However, in either case, if prior permission has been
granted to you by the other user or the administrators of
the other machine, then there is no problem, and of course
"null" reverse paths can be used as defined in the relevant
RFCs.
<li><em>Mail Bombing</em><br>
Mail bombing is the sending of multiple emails, or one large
email, with the sole intent of annoying and / or seeking
revenge on a fellow Internet user. It is wasteful of shared
Internet resource as well as serving no value to the
recipient.
<p>Due to the time taken to download it, sending long email to
sites without prior agreement can amount to denial of
service, or access to email at the receiving site. Note that
if binary attachments are added to mail this may increase
the size considerably. If prior arrangement has not been
made, the mail will be extremely unwelcome.
<li><em>Denial of Service attacks</em><br>
Denial of Service is any activity designed to prevent a
specific host on the Internet making full and effective use
of their facilities. This includes, but is not limited to:
<ul>
<li>Mail bombing an address in such a way to make their
Internet access impossible, difficult, or costly.
<li>Opening an excessive number of mail connections to the
same host.
<li>Intentionally sending email designed to damage the
receiver's systems when interpreted; for example, sending
malicious programs or viruses attached to an email.
<li>Using a smarthost or SMTP relay without authorization to do so.
</ul>
<li><em>Mailing List Subscriptions</em><br>
You must not subscribe anyone, other than a user on your own
host, to a mail list or similar service without their
permission.
<li><em>Illegal Content</em><br>
You must not send via email any item which it is illegal to
send or possess.
<li><em>Breach of Copyright or Intellectual Property</em><br>
You must not send (via email) or post Copyright material or
Intellectual Property unless you have permission to do so.
<li><em>Binary Postings to non-Binary Groups</em><br>
Outside of the alt.binaries... and alt.pictures... newsgroup
hierarchies, the posting of encoded binary data is
considered most unwelcome. The majority of Usenet sites and
readers do not have the capability for selective
transmission of articles (kill-filing) and such posts can
result in a significant amount of resources being tied up
and wasted in the transmission process, and as such can be
considered as a denial of service attack on multiple
recipients. [Example]
<li><em>Excessive Cross-Posting</em><br>
Simply put, this form of unacceptable behavior occurs when
the same article is cross-posted to a large number of
unrelated newsgroups.
<li><em>Excessive Multi-Posting</em><br>
Simply put, this form of unacceptable behavior occurs when
a substantively similar (perhaps differing only in Subject
header) article is posted to a large number of unrelated
newsgroups.
</ul>
</ol>
|
