Nemo code of conduct

This code of conduct must be accepted to become a user of the Nemo project. It will be used for governance of the project and for conflict resolution. New users must agree to this before joining.

Users:

Membership grants the member full use of all services on the hardware owned by the project, except administrator access (see section SysAdmins below about administrators).

  1. Preconditions for joining are outlined in: How to become a member.
  2. Only physical persons (not organisations) can become members of the Nemo project.
  3. Memberships and accounts are strictly personal.
  4. To become a member one buys a share in the server hardware.
  5. Members agree to pay administrative server costs on an equal basis.
  6. Anyone wanting to resign from the project may transfer their share to another accepted person (who must apply for membership as usual, but won't have to purchase a share).
Use of the commons:

All hardware owned by the project is shared resources, and should therefore be treated appropriately at all times. You may use the resources available for your personal needs and projects, but please be aware that you may be asked to use less of any resource if it becomes obvious that your personal use has become excessive or unreasonable. The resources available should be prioritised primary for public-facing organisation services, secondary for public-facing personal services, tertiary for supporting work with these, and quaternary for any resource use that is not public-facing.

  1. Members may host any number of websites on the server within practical limits, as long as other members' sites are not affected in regard to performance and resources.
  2. Members are allowed to host websites for friends, organisations and others as long as these abide by these Nemo code of conduct.
  3. Hosted websites must not be used for any of the following material:
    • warez (i.e. illegally copied licenced software);
    • pirate versions of copyrighted media;
    • pornographic material;
    • any material that is illegal under Norwegian law.
  4. Facilities operated by the project must not be used for any of the following tasks:
    • running spiders and other network-intensive tasks;
    • running port scanners, password crackers, and other programs designed to compromise security.
  5. Nemo is a shared hosting environment. It is each member's responsibility to only use secure WCMSs for hosted sites, and to keep this WCMS up-to-date with security patches. Sites should not just be abandoned when no longer used, but decommisioned (taken down) in an orderly and secure manner.
Mail:
  1. All members must subscribe to the Nemo-info mailing list. Also see mailing lists for members for more information.
  2. Members may handle any number of POP/IMAP accounts on the server within practical limits, as long as other members' accounts are not affected in regard to performance and resources.
  3. Members are allowed to handle email (either redirecting or POP/IMAP accounts) for friends, organisations and others as long as these abide by the same Nemo code of conduct.
  4. Nemo mail services must not be used for sending unsolicited email.
Accounts:
  1. Shell accounts are strictly personal! Passwords shall not be given to others.
  2. The preferred method for maintaining websites is through ssh and scp, but admins may open ftp accounts for websites as specified in ApacheAdmin in cases where the site admin shall not have shell access,
  3. Admins may not open shell accounts for non-members without following the procedure listed under How to add a new member.
SysAdmins:

All members have the right to make full use of all services on the hardware owned by the project. However, operations that requires specific skills and knowledge about secure system management can only be carried out by a smaller group of people known collectively as SysAdmins. Only persons with documented administrator skill and experience, and a good track record in system administration, are granted administrator rights.

There are currently no formal procedures in place for deciding who shall belong to the SysAdmin group. We may put in place a more formal process for this later, but currently, this is done informally within the SysAdmin group based upon “rough consensus and running code”.

SysAdmins are obliged to carry out the tasks on behalf of members that members cannot do themselves (e.g. change Apache configuration for vhosts, set up email accounts, set up initial Mailman account, set up initial databases), and should do so in a timely manner. SysAdmins are not obliged to carry out tasks that members already have the powers to carry out themselves. Nor do SysAdmins have any obligation to provide user support for members who do not know how to do this (but will sometimes do so).

Procedures that shall be followed by SysAdmins shall be documented in the Nemo Board and linked to on Procedures for Nemo SysAdmins.

Net services and local software:

The security of net services (i.e. those listening on a public port) is critical. No new net service should be created, or the configuration of an existing net service changed, without prior discussion about the new net service or the proposed configuration change on the SysAdmin mailing list.

All other changes to the hosting environment and system configuration (e.g. changes to configuration files or installation of local software) must be reported, along with a brief rationale for the action, to the SysAdmin mailing list. (Configuration changes in /etc on bar is automatically reported by a standard version tracking tool (git), but all other configuration changes must be explicitly reported).

Privacy policy:

No personal information (e.g. email addresses, phone numbers, pictures, etc.) about others should be visible on web pages exposed to the public without explicit and informed consent from that person. According to Norwegian law (Personopplysningsloven), everybody is entitled to control over how their personal data is exposed to the world. In addition to privacy concerns, it is well known that exposed email-addresses and other contact information are harvested for spam. If you create a public facing page, take care and make sure that it does not contain personal information about others without their consent.

Disciplinary actions:
Members violating above code may have their accounts and admin and membership privileges revoked immediately and permanently.
bhm & OivindEide - 2012-12-31 - Improved wording.
gisle - 2012-12-16 - Added caveat about shared hosting.
gisle - 2012-11-29 - Added sections SysAdmins and Privacy policy. 
bhm - 2012-11-27 - Typo in Membership #6

Please use Add new comment to comment on these rules.