Skip to content
This repository has been archived by the owner on Apr 23, 2024. It is now read-only.
/ policy Public archive

Our operating model stated in terms of our legal and ethical obligations.

Notifications You must be signed in to change notification settings

fosshostorg/policy

Repository files navigation

Fosshost CIC Operational Policy Statement

Fosshost is a not-for-profit “cloud” provider. We offer hosting at no cost to the Free and Open Source Software projects we support. Projects must apply for our services, as well as meeting eligibility criteria, for example bearing a FOSS license. As of May 1st, 2021 we host more than 100 FOSS projects in data-centers across five continents.

This document does not become effective until approved by our directors. When that occurs we’ll update this.

SUMMARY

Our team is entirely volunteers who donate their labor. We partner with other organizations who provide us with servers, rack-space, bandwidth, etc. We use these resources for tenants (the projects we host) who gain access to infrastructural technology services, for example virtual private servers (VPS) and consoles of such. We usually share publicly any information we share at all. We don’t provide remuneration “in-kind” or compensation to anyone, with a couple of exceptions described within the ITEMS immediately below:

ITEMS

  1. We don’t offer monetary or other consideration to our staff including directors.
  2. We may, at our option, prefer to host projects from our volunteers when we can.
  3. We might well use your branding and otherwise mention those we host; you can ask us not to and we’ll usually comply.
  4. We usually invite you to use our branding and else and otherwise advertise our relationship but may have specific related conditions for you now and again.
  5. We can stop doing some or all of what we are doing for you at almost any time for almost any reason at our option.
  6. We will keep records so that we regularly report on these and similar stated promises.
  7. We will consider most of the records we keep as for internal use only and will usually keep them secret and not share them.
  8. We will state expressly the specific information we routinely retain but do not usually report along with risks and procedure related to unavoidable/required disclosure.
  9. We will retain and fully and faithfully report (usually, eventually) publicly such information (however specific and detailed) as we must to satisfy such diligence as we find due and proper.
  10. We share when we can from (especially) our vital records more often than we are required but we do so (but if, when, and as we may choose).
  11. We effect procedures and internal systems specific to keeping our vital records, for example such as all those needed for/by the office of the regulator of the CIC.
  12. Most publication at our discretion is in terms of this reporting and other information we possess remains in confidence to the extent possible for us.
  13. Abuse of any kind is not tolerated and will usually cause some or all information related and kept within our other systems to become more vital.
  14. We strongly prefer FOSS software and will not consider hosting other types of development or otherwise than development under a FOSS license.
  15. We may, at our sole option, elect to use non-FOSS software but we will never incorporate it into our network nor unless by specific exception require its use.
  16. Our volunteers (other than the directors) do receive certain and specified rights within so they may and do represent our directors in conducting our operations.
  17. Our volunteers do not otherwise delegate or defer than as stated below and typical; we in no way consider they lessen our responsibility to/for FOSSHOST CIC.

LIMITATIONS AND ALTERNATIVES

Our articles form the sole contract between the directors.

Notwithstanding our articles as filed with the office of the regulator of the UK CIC, which our policy must be consistent with and subject/secondary to, these and no other documents govern our organization including our members, agents, and/or assignees when acting on our behalf expect whereas our policies (this document or documents) specifically describe and require or allow.

We share our articles only after we sign and file them, and then after our directors have duly considered and when they agree: https://github.com/fosshostorg/policy/blob/main/articles.pdf

NOTES

As a UK registered CIC, Fosshost operates at all times under our articles, which have been filed with the office of the UK CIC regulator. We are subject also to oversight, for example by that administration, who we expect seek to ensure we demonstrate our assets/expenditures directly benefit our community and in trust.

This document represents our process and principle work-product in documenting our internal practices. It has a number of goals:

  • declare the interests we serve and how we benefit our community
  • mutually protect from liability those who act in good faith
  • describe our operating practice and recognize well qualified scrutiny
  • ensure we measure our results and evolve our methods, documenting exceptions to stated preferences and practice
  • record whether we have acted as dependable custodians and with consistency and within legal and ethical bounds
  • publish (or cause us to carefully consider publishing, perhaps redacting among) our vital records

Markup and Conventions Used

PRIOR ART

Generally the conventions here are/will-have-been lifted from org-mode (“Org”). Org mode is an organizational format and features for Emacs. Org is associated with (and here for), among other things, organizing complex writing and/or program generation, deployment, etc. for example (and often) in terms of things to do, etc. Org appears widely (if not typically) used across a number of industries/practices such as within hybrid science (for example, labs mixing practical sciences such as chemistry with technology systems development) and law.

Org is developed as a FOSS project and is discussing but has not yet committed to expressing and putting forth a formal mime-type. Corwin, among the directors, has substantial experience with Emacs and is a maintainer of note and record within org.

Our use of org is presently limited to creating documents or programs which are “checked-in”, then excerpted/rendered into other or several forms each of which may be taken as “functionally authoritative” in being technically correct and implicitly or explicitly accepted by those among us most interested as we become available and also as needs may be.

To the extent we develop significant (other) original work also related to org/Emacs we will similarly mention it here.

What are Categories?

Of the boilerplate from org, perhaps the categories will stick out the most to you when viewing as plain and unadorned (“undramatic”) text. These are the markers to the right (and often right aligned, for some viewers) surrounded and often shown separated (“fully punctuated”) by/with semi-colons (“:”).

In fact, our below use of the term may be more or less as the org contributers may intend, when stated in self-reflective terms:

Each of our categories identifies items (steps, etc) where we may report, for example, whether and the degree to which this document is complete and correct and among/within measure and publicly state any known and long term risks or exceptions.

In practice, this requires us to list our reporting categories (which we do here, below) and also to adjust markers as we work.

In effect, it forms the basis to constantly move toward greater clarity with less effort, while measuring all of our other goals.

Our Categories

  1. VITAL, part of our committed operating records
  2. PUBLIC, leading toward disclosure of what might otherwise be internal use information.
  3. EXAMPLE, a reference demonstrating how to use or apply our policy.
  4. PROCEDURE, something we usually want to do deliberately.
  5. RECORD, an explicit record of something that happened, by policy stated or quoted or referenced here.
  6. SECRET, explicit reference to information not intended to become PUBLIC, etc. not shared.
  7. RISK, a specific thing detouring or harming or counter to our or our communities interest.
  8. EXCEPTION, something in the past or future that we didn’t plan for or usually would not want to do.
  9. FINAL, when a section of text including any markup is and should be duly received verbatim.

How To Change This Document

NOTE: This process can or may alter (and may be retained with and as) our vital records. NOTE: This process may alter noted public records as they are reported/retained by the directors of Fosshost CIC, personally. NOTE: You are to CONSIDER APPROVAL before you begin this process.

Approved or in-place policy and procedure may require prior approval recorded from/by one or more specific individuals named later/elsewhere assumed to be a director (or the board of directors, in case of contention), or otherwise as stated.

You can change this document to add or correct any procedure that has been duly recorded herein as incomplete or incorrect, and otherwise to correct any trivial detail/omission/typo/etc or else to add new procedures; and, otherwise, and given the document overall and the given procedure(s) (etc., policies, or proposed changes to our articles included with this and given) have been presented as in effect and force, whereas as such changes may and shall regard our directors interpretation of our articles and the diligence as represented in such as form our organizing practices (for example in case where our policy would meaningfully and dramatically change the work expected from volunteers) anytime the policies (or the articles) or more than two of the procedures are altered (even when done over a series of commits or by several authors over time) we each will commit such after validating written (for example, via email) instruction from one of our directors, or from a person (or persons) so above or below named with and thereby procedure of custom thus duly recorded.

Naturally, such requests and prohibitions apply only when you commit directly to the authorized and authoritative repository containing the public version of this document, used to organize reports related our organization and help us work together and on mission. Any and all PRs (issues/emails/patches) welcome.

NOTE: This is an example process; it appears complete but out of order within our policy where this disclosure appears.

Update README.org

To complete all steps You will need:

  • a recent emacs (e.g. with org, ox-md.el, etc)
  • for automation copy the pre/post commit scripts to your local .git/hooks folder
  • commit access or the ability to create a PR, e.g. to/for:

    THIS DOCUMENT https://raw.githubusercontent.com/fosshostorg/policy/main/README.org

    Please follow these general steps when making change to this:

    1. Clone the public repo or navigate to README.org on the web.
    2. Use a text editor to update README.org (and/or other files, but see troubleshooting)
    3. Commit your change to the public repository
    4. Confirm the change by looking README.md and reviewing the commit log, fix any issues, otherwise:
    5. If you started but didn’t finish this process please raise (or update your existing), e.g. issue or etc.

    You can always raise/forward any issue to/or with us by sending an email to [email protected] detailing what you’ve run into.

    STOP, you are done!

Troubleshooting

This section is simply a list of useful tips, perhaps with a sub-selection of examples or other references.

NOTE: Please review and perhaps update any TROUBLESHOOTING sections as you work and encounter issues

  • Please don’t manually update anything that’s auto-generated (e.g alternative formats like md, html and ascii).
  • If things go wrong (e.g. against the public repository) please immediately revert the change; we can try again.
  • We can place the pre- and post- commit scrips in .git/hooks for crude and fragile automation locally around build.el
  • This (usually) seems to work under windows (e.g. via “git bash” command line tools & putty for auth)
  • Checking in the approved (or otherwise meaningful) changes to the .org file (and getting them “just right”) is our priority.
  • In all cases the .org file is authoritative; back-out and then merge changes into it ASAP in case of error
  • Otherwise (if README.org looks fine) it’s okay to give up (but please do raise an issue/ticket).
  • Did you consider/check the :CATEGORIES:?
  • Thank you!
EXAMPLES

Use instead of installing/running pre-commit and post-commit hooks. Assumes we’ve just pushed, e.g. to update README.org:

     /c/emacs/bin/emacs --batch -l build.el &&\
       git add README.md README.html README.txt &&\
	 git commit --amend -C HEAD --no-verify &&\
	 git push

OUR POLICY

Copyright © 2021 Fosshost CIC and contributors.

Fosshost C.I.C. is a Community Interest Company, registered in England and Wales. Company Reg No: 13356530. Registered Office Address: 7 Bell Yard, London, England, WC2A 2JR, Great Britain.

Permission is granted to copy, distribute and/or modify this work under the terms of the Creative Commons Attribution-ShareAlike 3.0 Unported License and, unless otherwise noted, the GNU Free Documentation License, version 1.3 or (at your option) any later version, with no invariant sections, front-cover texts, or back-cover texts. A version (1.3) of the Documentation License is included with the full sources for this document, however you may substitute (remove that file) and replace with the following text with your retributed or derived work if you choose to use only the CC-BY-3 license for your other work(s).

This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

Our Expectations Evolution Policy

A policy to help us develop polices.

SUMMARY

The ITEMS following create a basis for directors to create and update policy, for other volunteers to raise concerns (“object”) to policy, and requires all policy to be consistent with our articles which are superior to our polices.

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. Directors shall write policy as needed, and
  2. Absent an prior or conflicting policy that policy is immediately in effect, where
  3. Policy once effective is binding to/for all our agents and assignees including but not limited to all of our volunteers including our directors.
  4. When we replace/amend our policies including this one, and given due notification (e.g, by electronic mail) of all of the directors, this policy and any other of our policies are effective once acknowledged and consented to by one or more other director such that two of our directors have considered the changes,
  5. Unless a director shall object (e.g. by comment, verbally, or by other means) in a timely manner, and then
  6. Once objected to, policy is effective when consented to a by duly recorded majority representing a quorum of directors.
  7. Directors shall raise at their first opportunity objection on behalf of our other volunteers when each shall perceive a consensus or significant majority of affected parties under their supervision have voiced their concerns in good faith concern and given the director shall find such concern may have merit, however
  8. Directors are not otherwise obligated to represent or act on behalf of others (for example, of any other of our volunteers) and shall act on their own best knowledge and belief when drafting and reviewing policy, and always that
  9. Directors and all other of our volunteers shall always act to the greatest extent they are able within the confines of this and other Fosshost policy, and
  10. We shall each use our best judgment striving for prudence and consistency, for example when our policies may appear to conflict, and that
  11. At all times we each shall conduct ourselves within our understood legal and ethical confines, such as of applicable law and regulation, and that
  12. Each of us shall take it upon ourselves to certify notification to all of our directors any the event they doubt the binding nature of this or any Fosshost policy or when they in good faith believe a volunteer may have violated Fosshost policy or when at any time they believe abuse has occurred and was not then duly reported, and
  13. The secretary shall acknowledge and record any such change, objection, and notification made under this policy and produce such records as needed to conduct our business and upon duly verified request from any and all such entity may have the legal right to make such a demand upon Fosshost, for example the government of the United Kingdom in the course of verifying or investigating our records as permitted and allowed for under UK law, and
  14. Any and all such which actions required and allowed by our policies as specifically called out, for example for a particular officer or volunteer may be otherwise assigned or delegated as otherwise consistent with Fosshost policies, for example the Secretary may delegate and share information (for example, with other volunteers) as may be necessary, expedient, and consistent with our policies, in order to make, keep, and produce records, and
  15. Where our policies, of which this forms a part, are not to conflict with our articles, and
  16. Where in conflict, our articles shall be considered before and superior to our policies including this one, however and
  17. Except as may relate to amending our articles and related process, where our articles may for a period of not more than three months (“one quarter”, usually around 90days) have superseded our articles given they contain such changes as can and do affect our articles and/or he process by which we have agreed to revise our articles, whereas this may and does allow us time needed to review and record such changes and to file those changes with external entities such as the UK CIC.

Our Values and Ethics Policy

A statement of our values and accountability.

SUMMARY

The ITEMS following create a basis for a guarantee of good faith in the public interest by stating our values and framework for accountability. To that end, the language in this section should be simple and unembellished.

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. We seek at all times to earn and to be worthy of trust, and
  2. seek to be respectfully transparent, and
  3. seek to be appropriately discreet, and
  4. seek to communicate faithfully, and
  5. seek to pursue our duties with all due diligence.
  6. We will at all times be honest, and
  7. we will comply with our polices,
  8. we will share and explain our work freely, and
  9. we will prefer, promote, and model the best ideals of the Free and Open Source software communities we host and/or endorse, and
  10. we will show our same values to all people and communities.

Our Community Policy

A somewhat intense statement of our specific mission in serving the general interest.

SUMMARY

The ITEMS following align our policy to our mission (“We’re on a mission to empower and support every free and open-source software project. To go further, together. Our work never stops.”).

To that end, this section provides working definitions for certain “terms of art” (words or phrases, often with synonyms that may appear interchangeably with the original term throughout our policy, and which may take on additional or unconventional meaning within the context of our operations or which we may for other reasons clarify) and that help to identify and distinguish the interests we serve.

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. FOSS (“FLOSS”, “Free Software”, “Open Source Software” “Open Source”, “Free and Open Source Software”)
    1. will usually refer to a product or a combination of products (“program”), and
  1. includes the program source and other materials in any form or forms (“sources and binaries”), and
    1. being duly described (“documented”), and
    2. authored, edited, and/or created (“authored”, “maintained”), and
    3. compiled, built, tested, and distributed (“packaged”, “released”), and
    4. used (“used”, “tested”, “developed”), and
  1. each of these given above apply (“complete program”, “complete work”), or
  2. or when one or more of these above (“developed and/or used”, etc.) apply, and
    1. one or more such program once installed (e.g. service, job, instance, virtual machine, or client),
  3. Such that the program runs or will run (“run”, “executed”), and
    1. Such that one or more
    2. servers, desktop and/or laptop computers, mobile devices such as smart phones (“machine”), or
    3. such simulated by electronic means (“virtual machine”), or
  4. such that a program, service, or capability becomes available (“FOSSaaS”), or
  5. such that a task is performed or will be performed (“FOSS Script”), or
  6. a physical or simulated physical computing device providing such (“FOSS device”), or
    1. any other mechanical or other device that can run the program (“FOSS machine”),
    1. Or otherwise causing a program or code for a program to be
      1. developed (“FOSS creation”), or
      2. executed (“FOSS use”),
    2. But only when developed and/or used under and per the terms of a license (“FOSS program”)
      1. endorsed or approved by the Free Software Foundation (“FSF”), or
      2. meeting Open Source Definition (ODS) criteria of the Open Source Initiative (“OSI”),
        1. But may also refer
    3. To a specific person, or specific persons, or specific group of persons (“community”), who
      1. voluntary develops a specific FOSS program or programs (“FOSS developer”, “FOSS project”, “project”), or
      2. Uses and promotes the use of a FOSS program (“FOSS user”), or
    4. To a group of such person (“FOSS user group”, “FOSS user community”), or
    5. To any other person or community who in and from good standing and in good faith (“well regarded) does
      1. meaningfully and demonstrably support FOSS project or projects (“FOSS supporter”), and
  7. regularly organizes support for FOSS projects (“FOSS Community Interest Organization”), or
  8. by other conduct, communication or other specific and recognized act (“support”), does
    1. further FOSS development (“FOSS community member”), or
    2. does more than more than one of these (“FOSS Community”).
    1. FOSS Hosting and Service (“hosting”)
      1. Our purpose and function (“mission”) is to provide this, meaning
      2. our records as a registered and accountable organization (“records”, “Fosshost records”),
      3. shall relate to that business, and including
    1. internal accounting and reporting, and
    2. such external accounting as we are duly required to produce, and
      1. shall relate that business to our practices as a FOSS Community Interest Organization, and that
      2. Fosshost shall in all policies (“comprehensively”), and
    3. Other regular and authorized procedures (“procedures”),
    4. and organizational practice (“tradition”),
      1. keep such records as are or may be vital (“vital records”), and
      2. to establish and retain within Fosshost records (“keep”)
    5. such information as may be needed to account, track, measure or otherwise calculate
    6. our assets, and
    7. our liabilities, and
    8. our affect on our community, and
    9. our understanding of and respect for FOSS, and to
      1. relate such information to our mission as best we can, and to
      2. periodically and as necessary review comprehensively (“audit”, “self audit”), and
      3. consider the results of such audits as vital records, and
      4. and including as vital records any and all records showing specific and unacceptable (“malfeasance”),
      1. action taken by Fosshost (“impropriety”), and
      2. action taken our behalf and with our general knowledge and consent (“collusion”),
        1. and to include as vital such records substantiating malfeasance as we can find, including
      3. detailed instructions related to the performance of the audit, and
      4. the results of the audit including actions taken in consequence, and
        1. in cases where malfeasance has
    10. been found, or
    11. is suspected to have occured, and
      1. including any and all access records and logs and other technical work-product, and
      2. receipts, invoices, and internal and external communications we might not otherwise share, and
      3. that may constituent or corroborate the audit which has found malfeasance, and to
      4. bring that information forward (“notification of malfeasance”) to
      1. the FOSS community, and
      2. the general public, and,
      3. appropriate regulatory bodies or agencies, and
      4. any other public body, such as
        1. applicable law enforcement,
        2. where and as may be prudent and advisable.
      5. Empower and Support every Free and Open Source Software project (“provide”)
        1. Our mission is to offer hosting to FOSS projects and communities, (“tenants”, “applicants”), and
        2. we act at our own discretion, for example including
    12. making any offer of hosting, and
    13. providing such hosting, and
    14. deciding to retract or withdraw or otherwise terminate such hosting or any offer of hosting, and
    15. to do any and all of these according to our own policy and judgment, and
      1. we do so without guarantees other than those specified herein, but
      2. always after due diligence including (but not limited to) consideration of:
    16. our ability to access and verify the relationship between the tenant/prospect and the community, and
    17. our estimation of the value or potential value provided to the community, and
    18. our consideration of such estimation relative to others that we host or may in the future host, and
    19. any specific concern or concerns we may have, for example such as
      1. the likelihood a tenant/prospect has and/or will comply our policies and other stated expectations,
      2. the general intentions and/or conduct of tenant/prospect as perceived by Fosshost,
      3. any specific technical or organizational risk we find tenant/prospect poses to us or the community,
      4. any other specific concerns we may at our sole discretion find and duly deliberate and record.
      1. To go further, together (“cooperate”, “collaborate”), meaning
        1. we use and provide only FOSS software as part of our service, and while
        2. we may at our discretion use other commercial/non-FOSS software, nevertheless
        3. we work to remove any non-FOSS software from our operating practices, and
        4. we will at no time endorse, promote, sell, or resell commercial/non-FOSS software, and especially that
        5. we will do not and will not endorse specifically any provider of commercial software on that basis.
      2. Our work never stops (“ongoing”), meaning
        1. our commitment to the community is not limited in or by duration, however
        2. we may be temporarily or permanently unable to continue offering and/or providing some or all services, for example
        3. we may reach limits based on resources such as technical or of labor, or
        4. be otherwise limited, such as
    20. at and by our discretion and/or policy, and/or
    21. by our legal and ethical obligations, and/or otherwise
    22. by our general obligation to promote and preserve
      1. our organization, and/or the
      2. FOSS community, and/or
      3. our duty to serve the public good.

Our Teamwork Policy

Clear expectations make the dream work.

SUMMARY

The ITEMS following define teamwork as expectations regarding collaboration.

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. Notwithstanding we are expressly prohibited/restricted, we will generally
    1. Focus our resources first toward our community, and
    2. Self-host things that generally provide model projects to our community (“reference implementations”), both
      1. Publishing deliberately well maintained technical work, and
      2. Clearly grounding such works to and within our organization, including
    1. By regular demonstration of organizational confidence, such as
      1. By duly recorded review open among all our volunteers, and
      2. Regularly and diligent review of these, and
      3. For any regular and diligent review of these or any of our other technical and training and/or policy and procedure making materials, and/or
      4. As required to demonstrate or supervise or otherwise verify compliance or suitability with or of these or other of our policies and procedures, and
    2. Otherwise at the desecration of our directors, starting with
      1. Director CEO (Thomas Markee), or if he should not dissent
      2. Other of our volunteers such as our directors may designate, and
        1. Otherwise we will not generally host significant capabilities of/for our own principle use, including
    3. We may, at our sole digression and for our internal/volunteer use only
    4. Accept or purchase software including software as a service products (“Non-FOSS tools”), when and given
      1. The external host or service proving organization (“Commercial provider”) will provide to us either,
        1. Commercial providers may offer us service at no cost and/or without fees, or when
        2. We may receive special recognition (e.g. as a charitable organization), and when and after
      1. the secretary shall record such relationship, and
      2. such relationship shall be caused by a director to exist, when and given
      3. no director shall object, or after and beyond such objection and then only
      4. after a quorum of directors is reached and duly recorded such as to overcome objection, and
      1. We will cooperate in our regular and routine duties, such as
        1. Seeking guidance (“supervision”) when we do not understand something, and
        2. Involving others as available in decision making, and
        3. To help all volunteers understand our work, for example
    5. Understanding what others want to learn as well as what they know, and
    6. Ensuring that helpful information is duly recorded, and
    7. Periodically considering and duly recording the diversity of views within our organization and community as may pertain, and
      1. Keeping such records as required or allowed by these polices, for example to
    8. See that actions we believe may be in poor faith are duly recorded, and
    9. In such a way as to be findable and understandable throughout or organization, and
    10. Meet other commitments made by law/regulation or here in by policy, or
    11. As otherwise directed when
      1. allowed or otherwise provided for by policy, or
      2. As duly recorded by the secretary as acknowledged by consensus or quorum of our managing and executive directors.

Our Sponsorship and Contribution Policy

Sometimes giving it our all means we find we didn’t give it our best, or vice versa. We can work on that. Together.

SUMMARY

The ITEMS following define our goals in terms of publishing our results and general work product as widely as possible given different circumstances we may or routinely face.

In doing so, this section establishes the basis for other “practices”, which may be documented and maintainenced outside our policy (e.g. this document). Our goal is to allow our routine activities to addressed in a number of ways depending on the tastes and interests among our volunteers, while ensuring that, as an organization, we keep an retain consistent records and handle each appropriately.

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. We will seek and regularly report on and record our progress contributing our work back to our community (“contribution report”), and
  2. We will similarly seek and regularly report on our transparency (“transparency report”), including
    1. Reporting on the quality and types of information we record and retain but do not publish, and
    2. Reporting on such cases where we publish information only in a limited fashion (“redacted”), and
  3. We will similarly seek and regularly report on information and categories of information we posses, require, and provide, including
    1. We will define categories of information with this policy (“information categorization”), and
    2. We will provide clear guidelines in policy information, including those
      1. Which make it clear for volunteers how to categorize information according to our policy, and
      2. For volunteers and others to understand our use and intents regarding the use of records we keep and retain, and
      3. For the retention of information according to category, and
    3. We will at our sole discretion publish in whole, or
    4. We may publish in aggregate or in part or as redacted or to a limited audience where
      1. otherwise as redacted or for limited or audience when such publication is only or best means to provide transparency in consideration of privacy, and
    1. As duly acknowledged and accepted by one of our directors and as recorded by our secretary, or
    2. As otherwise made typical according to our customary or deliberate work practices (“practices”), including
      1. By our regular and consistent exercise of our duties, and
      2. Where generally well documented and/or otherwise explained or to our volunteers, and
      3. As duly recorded by our secretary,
      4. Otherwise as provided for in and by our policies, and
        1. Otherwise as duly recorded consent of our director shall demand, and when
        2. Our procedures nor policy nor other due authority such as of regulation prohibit or discourages such publication.
      1. We may retain, as individual contributers, such information as we deem necessary, including to
        1. Establish or verify or investigate any charge or suspicion of ethical or otherwise violation of our policies, for example including
    3. researching and/or reporting on misuse of our technology or volunteering or other such as financial resources, and
    4. any attempt to falsify or otherwise intentionally distort or misrepresent our records, and
    5. to communicate and demonstrate such to our board of directors, and otherwise and always
      1. as allowed by our policies,
      2. or required by our procedures,
      3. or required by external forces such as regulators acting in due course, and
        1. Such as we deem necessary to understand and learn from our work, such as
    6. Monitoring our own internal network including our tenants use thereof, and
    7. Recording our meetings and conversations, including with tenants or sponsors, but where as
    8. We do not share this information without consent or and unless allowed/required by our policy or procedures, and
    9. We share such information only after removing/concealing sensitive or personal information, for example including
      1. We restrain from sharing information such as to convey our own or our tenants or sponsors plans and intentions without written connect, and
      2. We share personally identifying information without concent of those persons identified only as required (“required disclosure”), and
      3. We provide required disclosure to the minimum audience consistent with expectations, for example
        1. Only to those individuals or groups required specifically by our procedures or policy, and
        2. As specifically directed in writing by regulators or other external parties acting in due course.
        1. As we may require to created redacted and otherwise derived materials for purposes of colaboration (“training working materials”), and
        2. As a natural by-product of our usual and customary working habits, for example including our personal IRC or other chat logs, email, etc., However
  4. We will similarly seek to delete or otherwise remove information once it is not needed and to regularly report on our success and any concerns related thereto, but
  5. We will not generally seek removing our otherwise auditing personal information in our keeping, where
    1. The information has passed to one or some of us naturally in the course of our operations, and
    2. Given such deletion would represent technical challenge or otherwise hardship to/for our volunteers, and
    3. Given no specific requirement exists for such deletion, for example
      1. Given no policy has otherwise been violated, and
      2. Given no procedure has been circumvented or altered, and otherwise
      3. Given retaining such information is not an attempt to avoid due diligence handling our records, and
      4. When and if we possess a reasonable certainty that loss or disclosure is unlikely and avoidable.

Our Record Keeping (“Privacy”) Policy

It is difficult to unintentionally disclose what you deliberately don’t keep, and you don’t have to put it anywhere.

SUMMARY

The ITEMS following define our goals in terms of information handling according to classification.

In doing so, this section establishes a framework for our internal and external practices. specifically:

  • defining a general practice for decision making including information categorization
  • listing the categories of information we recognize
  • describing the purpose and intent of procedures specifically established by our policy for handling information
  • describing how we create and maintenance procedures considering the information sensitivity and other factors

NOTE: this is a summary, refer to the ITEMS below for binding policy language.

ITEMS

  1. We handle all information according to our policy (this document or documents), and whereas
    1. We may occasionally deviate from our routine, normal or desired processes (“exceptions”), therefor
      1. Our directors shall be informed of any and all deviations to policy, for example including but not limited to
    1. Failures, whether preventable or not, resulting in unplanned disclosure of information (“privacy event”), and
    2. Significant errors, for example on our own part, whether or not they have caused a privacy event (“incidents”), and
    3. Concerns related of use of our network, labor, or other resources for purposes other then their intended and acceptable uses (“misuse”), and
      1. Our secretary or designate or by other process we shall record and seek to reduce exceptions (“exception controls”), and
    4. Each such identified or anticipated deviation shall be documented (“exception record”), including
      1. describing any understood risks our community, sponsors, tenants, and our network, volunteers, and organization, and
      2. placed the exception in contrast with our otherwise typical or desired practices, and
      3. make clear the purpose and necessity and planned or expected duration of the exception, and
    5. Such documentation shall have periodic review as to the risk/cost and necessity/duration of each exception, and
    6. Our directors report in summary periodically on the aggregate frequency, risks, costs, and planned actions related to exceptions, however excluding whereas
      1. Our directors shall approve and duly record any routine or acceptable exception (“standard exception”), and
    7. Such exception as shall be duly documented such as provided for by and within our procedures, and
    8. Such exception shall in all other respects not expressly documented be otherwise consistent with our policies and obligations, and
    9. Given such standard exceptions are also included in summary review and reporting in terms of aggregate risk/cost, and because
  2. We may and do frequently possess and sometimes may publish information that usually we will usually undertake to keep secret (“restricted”), such as
    1. The address, email or otherwise, or other identifying information (“PII”), including of
      1. this or other information related to our volunteers, and/or
      2. this and other information related to our tenants, and/or
      3. this and other information related to our sponsors, and/or
      4. this and other information related to more than one of these, and also
    2. We may and routinely do use and retain restricted information according to our typical and necessary practices, however
    3. We do not and will publish confidential or restricted or uncategorized information in order to make it known beyond our own internal and short-term need, meaning
      1. when required according to our policies, and
      2. when required by our procedures, or
      3. when compelled by another agency such as a regulator acting in due course, however
    4. We may request specifically in writing permissions to publish information certain we would otherwise treat as restricted or confidential, for example
      1. When such publication will or may benefit our organization and/or community (“Public Relations” “PR”), or
      2. When necessary to provide or transfer or otherwise effect or establish a service, or
      3. When such publication will or may demonstrate misuse, or
      4. When such publication will or may demonstrate other unethical or illegal conduct, however
    5. At our sole digression we may publish restricted information without consent, for example in cases where
      1. Such request for consent may impede or otherwise harm investigation related to misuse or attempted misuse, including
    1. of or by Fosshost including any and all of our directors and other volunteers, and/or
    2. of or by an outside agency acting in due course, therefore
  3. Fosshost C.I.C, including it’s directors and other volunteers each commit to
    1. classify and property handle information according policy and per the sensitively and importance of such information as we handle, and
    2. report and otherwise cause and enable or directors and secretary to record and be aware of exceptions to our usual practices as describe here, and
    3. to undertake to understand, follow, and improve our practices and especial as may be more or less directly related to protecting and securing information, including
      1. All treating as secret and use and otherwise handle with care all restricted information, and
      2. To handle and use similarly any and all other information we do not generally disclose (“confidental”), for example including
    1. other information provided by or available though our relationships with Fosshost, and
    2. When that same information or demonstrated conclusion or other data is not generally known (“secret”), and
    3. Absent explicit permission (“disclosure permissions”)
      1. in writing, and
      2. from any and all authorized and direct sources or contributers, and
    4. Unless said disclosure permissions grant us authority to more freely and/or publicly disclose said information, therefore
  4. We otherwise generally do not release confidential or restricted or unclassified information, and
  5. We generally do release all other information we specifically retain including and for our and the public record, unless and
    1. when they are not considered as confidential or restricted or otherwise withheld for example by exception or pending review, however
    2. we do so make information public only at our sole digression, and also
      1. according to our policies, and
      2. as required by our specific, routine, and well documented procedures, and
      3. as we may find necessary in order to report publicly on our application of our policy, and
      4. as we may find necessary to keep records pertaining to exceptions to our policy, and
      5. we may make such reports available to the general public and others without prior notification or consent, and also
  6. We always comply when justly and duly compelled to disclose information, including
    1. Passing such information to external entities as we must, for example
      1. Per and considering our own policies, and
      2. According to and in the justly required service or dictates of eternal entities such as regulators and/or law enforcement, and
    2. We will initiate such processes as may lead to such disclosure as we are ethical or procedurally obligated, and
  7. Where not stated or required of us otherwise, we place the information that is not confidential or restricted into the public domain, and
  8. We share information in the public domain at our digression, but
  9. We regularly review and record on any and all information we handle or retain which is not made public, and
  10. We share such aggregate and summary reporting regularly and publicly to demonstrate and allow verification of our means and results, where as
  11. Our goal is safeguarding and appositely classifying and otherwise handling information at all times, therefor
  12. We generally reserve the right to change this or any of our policies without prior notice, but
  13. We will provide timely notification of such changes to our sponsors, tenants, and volunteers, and the public, however
  14. We may allow for other specific disclosures of information per the discretion of our directors, but, and as always when given
  15. We seek to comply with and not to circumvent or avoid any and all such ethical, legal, and organizational obligations as may apply, and by
  16. Placing our first priority on protecting and securing any and all non-public (“internal use only”) information in our trust, and by
  17. Generally seeking to publish information as widely as appears to us useful and practicable given we are not otherwise prohibited or constrained.

Our Approach to Our Work (“Terms of Service”, “Terms of Authority”) Policy

SUMMARY

Who washes the mirror of the had that watches itself?

Overall:

Any service we may provide is offered AS-IS, without warranty (such as of workmanship or fitness to/for purpose) expressed or implied. In most cases, services including such any and all access we may provide (including to our own volunteers) is provided at each users own risk, at and per our discretion. In limited circumstances, certain of our staff may have rights and obligations specifically set forth in our policy (for example, to complete or verify self-auditing or related reporting requirements), and in these cases we may generally unable to deny access to certain systems to specific individuals named in this, or other of our policies or, in some limited cases, specific individuals named within our procedures.

In fact, the section may specify some of the above only in outline, for example to more or less strictly influence/establish parameters for our procedures, as may follow our policies, which we hope we more easily and flexibly change as suit our work-style and preferences, and to make these sorts of internal changes without need to generally engage the board other than a via certain minimum reporting/disclosure specified in and by ITEMS below or by our other policies and procedures.

ITEMS

  1. At our sole pleasure and convenience we do and may grant or provide any and all products and/or service (“our services”), and as such each
    1. May or can be accessed or used only per our own terms (“terms of service”, “ToS”, “end user agreement”, “agreement”, “this agreement”), including
      1. our (Fosshost’s, these) policies, procedures, and sometimes including
      2. such items as may materially related among our vital records, and also always including
    2. This agreement which constitute or terms of use is subject to change at our sole discretion and without prior notice or warning, however
      1. We carefully consider any change proposed, including to this and other of our policies, and
    1. when a proposed change is found by our volunteers to have been put forward in good faith, and then shall
    2. each proposed change be then reported to our secretary, and
      1. such reports may be made in summary or some raw form per convenience, however
      2. the specific intention of the change must be clearly stated, and
      3. periodically we shall further report on the responses of the board, and
      4. These and any similar reports may contain or intermix our views, including
      5. The views of our volunteers and directors, etc. representatives may be considered
      6. With or without consideration of other factors except
      7. As specifically as we have agreed, for example by accepting these polices as our Terms and Conditions.
        1. We similarly also carefully consider and periodically may review information submitted to us, for example such as
    3. application for hosting, and/or
    4. new applying tenant/project, and/or
    5. technology as for employment in our network or otherwise use by our volunteers or tenants, and/or
    6. volunteer who offers to help us, and/or
    7. donation whether financial, of hardware, or software, or by discount, etc., and then
    8. we may retain some information from these and/or otherwise refer or excerpt for our records, and
      1. Sometimes personal or otherwise sensitive information is included with or referenced by internal reporting.
      2. We may at our sole discretion elect to withdraw some or all or any service we have provided, and
    9. we shall report on each invocation of this discretion similarly as for a proposed change to our policies.
      1. We may generally, and except as otherwise stated within our policies or procedures delete or remove at will (“remove”, “delete”)
    10. so we may delete at any time any log or other implicit intermediary file or dataset we do not require, or
    11. so we may elect to retain or use others not specifically assigned/ascribed by us, e.g. for tenant use, and
    12. so we may delete any other file not so similarly needed or owned after some period of time, and
    13. although we may notify or attempt to notify tenants of our intention to delete information which may belong to them, however
    14. we make no implicit promise or guarantee to keep or store information for anyone apart from our own vital records, and
      1. No part of these terms or our policies or other information that we may publish provides any promise or guarantee of access to or use of our services, excepting
      2. Certain access rights and similar as have been and are explicitly stated such as for our directors to access systems as needed to inspect them, and
      3. We may change or otherwise terminate any part of our service at any time and without prior notice, and
  2. We may at our sole option require tenants to reapply or otherwise re-request our services, for example related to a change in our policies or services, and
  3. Notwithstanding our policies and procedures and otherwise process due as expressly stated herein, the decisions of our volunteers are final, however
  4. These and other policies may be amended in the form of procedures, while
    1. Each procedure may grant new or additional authority and obligations to/for our volunteers, and
    2. Each procedure except where expressly stated in related policy may increase but may not not decrease reporting or diligence requirements, and
    3. Each procedure may in no cases reduce the actual or effective authority or responsibility of our directors, and
    4. Each procedures is be uniquely named and listed in and among our policies and cataloged in a section of this document for this purpose, and
    5. Each procedure is effective once added/updated in the public repository where we maintain this policy, and
    6. Each procedure remains in effect until objected to by a director or modified, removed, or supplanted by a subsequent update, and
    7. Each change to procedure is reported to our secretary just as for other types of change such as to our policies, described above.

OUR PROCEDURES

I told you that, so I could tell you this.

SUMMARY

The PROCEDURES following define our customary and typical operating procedures, or help to further define those procedures we wish to put into place.

Each provides or may eventually replace the complete work within the specific and narrow scope set forth, and thus may to some specific extent and within an increasingly better (in terms of more concretely and more specifically and technically expressed) and more narrow means and purpose, contribute to our means by which we govern our organization or help to influence or direct our activities. Each is presently, or as we intend it to be, describing a gradually more specific and technical process in terms of sequence of steps, their meaning and consequence to our activities, their reliance publicly or to or without or community, and as toward eventually, as fully and completely as we may find necessary, to document always our intentional means including our regular operating activities and procedures.

Otherwise, the ITEMS below describe delegations of and not conference of authorities, creating a concept of “effective authority”. This enables volunteers to function with the full authority given they are operating within the specific bounds of our procedures. By enabling those within our organization to act on and for our behalf, volunteers seek to grant each other and themselves a limited set of the wide latitude of authorities granted to our per our articles and policies as above, and in exchange they agree to the same limitations and conditions in the form of the exceptions set forth here above and below. No part of this document, including any ITEM below nor inclusion by reference of some or any other items or references be as limiting the responsibilities of Fosshost, nor any director with respect to our articles or else such policy as may be written above nor first or above in the below considering that version last accepted by all directors of record.

NOTE: In fact, the Fosshost board might be considered as the four individuals in terms of those who secure the liability shield under which we operate, however it is the mutual desire of all of the directors that we have and do operate for all intents and purposes such that Fosshost CTO Nate Sales can and does act as a fifth manager and director within our organization, including fully participating as per only his own inclination and availability to act, and continue to act as an equal member of our body, being the Fosshost board. Generally, and absent any request he may have or in the future make, we do afford him any rights and privileges otherwise due a member of our board. Finally, our effective leader is Thomas Markee, our CEO and Founder. All of the directors are confident in Thomas’ leadership and pleased to support his direction for our future and the future of the FOSS movement. These articles/procedures/policies are intended to delegate but do not in any way limit or otherwise undertake to change specifically or generally his authority over the Fosshost project, organization, nor any related assets or information as we may possess or control.

ABSTRACT

Writing and Updating Procedure

For each procedure (“ITEM”), write a sub-section, describing a sequence of steps to arrive a specific goal, such as making a decision.

Ultimately, our complete set of procedures must implement and verify that we implement each of the “controls” set forward in the policies, above. For example, giving us a clear set of steps to follow to record an “exception”, etc. Thus, each of these further processes may serve to clarify use these terms is instruments of policy and practice, as well as how they work to demonstrate, or otherwise truthfully measure, the value of our work and the public good done thereby.

It may help considering how much to include from of/from:

  • a specific practice, why and how to do it, and how that is working out for us, including
    • a clear description of the procedure in terms of how complete it is,
      • Design - it has been added to this document and not otherwise removed subsequent to any other article or procedure.
      • Adoption - it has been sponsored or forwarded by rule for further consideration up to and including a specific date and time when it shall become effective
      • Implementation - it is our effective and binding policy now and we may report on our compliance with it
      • Satisfaction - in any cases where not otherwise removed subsequent to other article or procedure, feedback is welcome.
    • for new things, the specific path or course of action proscribed, who’s affected, their feelings and concerns
    • discussing/raising known and routine exceptions to other policy, if any
    • a description of how this may or should influence our network and services, and
    • any accepted understanding or theory you may have as to how our partners such as tenants or sponsors are, would be, or may be affected, and
  • include complete step-by-step technical and specific means to follow each step, whatever possible focusing first on
    • end-users (who may be trying to learn new things volunteering with us)
    • or developers (who may be trying to get something we need working)
    • And generally focusing on human facing detail (so that people can understand what we are doing, how we are doing it, and why).
  • and without fear of judgment or reprisal
    • provide only much of these as you are reasonably able. e.g., with a give commit/PR/hunk-of-your-time/etc.
    • frankly set forth alternatives in terms of and/or contrasted with our stated and aligned objectives
    • and at your own level of skill/language proficiency/etc. as best your are able and have time
  • and may create or establish roles
    • in the from of such and specific person or persons with our organization and including our partners and community, and
    • given and by generally mutual acknowledgement and consent, or
    • by specific delegation by policy or procedure, and in either case
    • when and as the directors shall agree and the secretary so record.

Preventing and Reporting Abuse

SUMMARY

We neither tolerate nor countenance any abuse nor excuse ourselves from consider and duly documenting each concern or potential concern in this regard. This procedures outlines a process for that however it should not be to constrain or discourage you from other and further acts not described here and outside of the scope of preview of Fosshost. It would and does otherwise belong to you and/as with to each of us, to report duly and as we see fit should be become aware of any serious abuse.

ITEM

  1. Abuse is, generally, unwanted personal contact and/or conduct and/or misuse of our resources, verify that we are discussing one of these items before proceeding.
    1. In case of personal abuse
      1. Please notify any director and/or duty personnel as you most feel comfortable.
      2. You may also create a ticket in any such system as you feel most comfortable (for example it would be fine to send an email to [email protected], for this), or
      3. You may email or otherwise reach out to any other volunteer whom you feel comfortable speaking with, and
      4. Any of us are glad to help you discretely create an incident report.
    1. And once the director of our operations becomes aware of the incident report which describes or otherwise alleges abuse, then we
      1. shall (or shall assign among our volunteers to) review and research the complaint, who
      2. may make immediate changes to our procedures as may be expressly needed to prevent or discover further abuse, and
      3. may and shall make a full and detailed report and deliver it personally to our secretary, or to all directors, and
      4. which secretary shall directly inform the board generally that a report was received, unless to do so may be inconsistent with complete and fair review, and
      5. which the baord presented with a substantiated shall review and comment taking or expressly declining to take the recommended actions, and otherwise
      6. shall inform the board once any finding is closed/terminated whether or not any action was taken or is recommended to be taken, and
      7. the board shall occasionally report on such incidents as and how the secretary shall choose.
    2. personal information may and should be omited or redacted from summary and other reporting measures as described here, however
    3. personal information may and should be included if some actions required of or recommended to the directors may require it.
      1. In case of network abuse or otherwise abuse of our resources
        1. Follow generally the procedure for personal abuse, however
        2. Other more specific and detailed procedures which follow may direct additional and more specific assignment and reporting.

Information Handling

SUMMARY

Most if not all of our volunteers routinely handle sensitive as well as non-sensitive information.

This procedure gives the sequence of steps and controls invoked when we handle internal use information, including materials of unknown sensitivity.

ITEMS

  1. Information we by necessary retain or intend to retain irrespective of the length of time involved is, when not otherwise classified, considered internal-use, and
  1. Our secretary shall individually or by delegation be the sole conduit or otherwise approver when we release internal use information, however
    1. Additional procedural items may further designate other channels lead to their more general release of some internal use information, however and when given
    2. These and any additionally provided policies each shall
      1. require explicit acknowledgement and prior alignment from or on the part of secretary, and then
      2. additional policy may provide that another director or a specific and individually named agent acting on behalf of a director (“director or deputy director”)
      3. Who shall always in a routinely timely fashion so notify the secretary and other directors of each creation or modification of such a procedure, and
  2. Activity that includes classification or reclassification or publishing of internal use information may trigger additional handling and reporting requirements, and
    1. Information may be handled differently according to each system where it is stored and accessed (“retained”), including
      1. Information that constitutes or composes or vial records shall be retained only in the systems or catalogs expressly for each such record, and
      2. Information systems must be expressly named and referenced in these policies and our other procedures following, and
      3. Each so named and referenced information system must be stated to contain no vital records or as to what vital records are contained, and
      4. Our procedures may require or otherwise case personally identify and other internal use information to appear in our vital records, and
    1. Where such sensitive internal use information may appear in our vital records in each case the secretary has reported a specific need for this, or
    2. That specific need and matter of practice is referenced in policy as well as set forth in procedure and thus made regular and routine, and
      1. Internal use information may be retained in others systems of more general use for other or general proposes, but only when
        1. Any vital record thus created is then transmitted to a system expressed used to access and retain such records, and
    3. Such record whether in whole or in summary provides clear references as necessary to trace information between systems, and
    4. The secretary shall regularly in summary report on each such system including
      1. Making clear all purposes purpose and current or planned and intended uses of each such system, and
      2. Making clear or otherwise directly referencing the licensing terms of each such system, and
      3. Making clear the general information and all of the most sensitive information classifications known to be retained in each such system, and
      4. Making clear the degree to which all appropriate uses we plan to identify referencing each such system is stated in our policies and procedures, and
      5. Making clear the degree to which all appropriate access controls related to each such system are stated and met per our policies and procedures, and
      6. Making clear any known or anticipated risks or reliant volatility (for example security issues) related to each such system, and
      7. Naming an individual (who shall have been named already for other purposes in our policies and procedures) as being the custodian of the system, and
        1. Otherwise final record may (unless otherwise noted such as in some specific procedure) be transmitted by email, by sending
    5. An email message created explicitly to meet the purpose of this procedure, and
    6. containing all complete and detail information needed to create the necessary record, and
    7. when such message sent to our support email address [email protected] or similar system.
  3. Routine uses of internal use information including initial classification processes are not reported, unless
    1. when probably of publication by Fosshost appears to exist, routine use is reportable as when the secretary or other directors call for such reporting, and
    2. always when inadvertent publication has occurred or in the event of reclassification having higher secrecy after publication than before/during, and
    3. always also when in the course of investigating any report or suspicion of misuse or intentional misclassification of information by us, and
  4. We will generally try to contact you anytime we believe we may have released information that could be sensitive to you, and
  5. We may not report all use of information as may relate to you even when releasing externally, for example by request of law enforcement, and
  6. We reserve the right generally to reference FOSS projects which are our tenants on our websites and other promotional and similar public materials, and
  7. We otherwise do not share information except when compelled or at and by our sole discretion, thus
    1. notwithstanding that we may share information based on the expressed and duly recorded written order of one of our directors, except whereas
    2. we have started the parties and circumstances where we share information along with reasons and systems or means involved in our polices and procedures, then
    3. we will usually not give any information to anyone or place it on any system for any reason not expressly stated by our policies and including our procedures.
      1. We shall log or record among our vital records all such systems as routinely we use to contain internal use information, and

      3.

Risk and Control

SUMMARY

This procedure explains how to report risks to us and describes how we manage risk internally.

ITEMS

Limited General Representation

Limited Due Diligence

SUMMARY

Where as some diligence may be requisite in following these procedures and making the records called for therein; however, (and notwithstanding our own training, certification, documentation, and related materials including our policies and procedures), our volunteers may have little or no specific expertise or training or otherwise certification even as may regard some or all of their specific and routine duties or other work for Fosshost. Thus all service and support are “AS-IS” being best effort of individuals acting in good faith and no more can we offer or provide.

ITEMS

Limited Liability

SUMMARY

Whereas the volunteers comprising Fosshost are all individuals acting in good faith, the liability protections afforded to the organization by virtue of its CIC registration shall apply to each of them.

ITEMS

Limited Delegation

SUMMARY

Whereas the volunteers comprising Fosshost are all well known to and trusted by each other, general authority shall often be vested in and between them, and while our best efforts to retain true and complete records will certify in some cases our director or other person of note, it may at times be some or several parties within or organization acting under the authority of our named and reporting representative, and in case where summary report shall be sufficient for our purposes (such as to detect and prevent misuse of our resources), no further record according given acts more directly may eventually be kept.

ITEMS

Exceptional Circumstance

SUMMARY

In exceptional circumstances, the volunteer or volunteers directly involved in a crisis have additional authority and responsibility.

ITEMS

Customary Authority

Routine Changes

SUMMARY

In most routine circumstances, the operations director (or delegate) will review and summarily schedule and approve changes, logging such actions for the secretary to report to the board. For some case where it may be necessary, we also provide for a an hierarchical decision making structure. This generally serves to give our Chief Executive Officer or other directors the ability to intercept and redirect contentious decisions, and bring them before our board for consideration. Absent contention, or specific intervention from our CEO, it places most complicated decision making authority with our Chief Technology Officer. It also provides that the director will usually have specific criteria (stated in other procedures) for when rejecting/declining to schedule a given change.

ITEMS
  1. The duty director of operations has the initial right of approval for all non-emergency changes
    1. There is always a director of operations on duty
    2. When no person has been so assigned, that person is the deputy director of operations (Hope Christensen, DDO)
    3. When the DDO is not available or otherwise declines, that person is the director in charge of operations (Corwin Brust, COO)
    4. When the COO or another director may disagree with the DDO we defer to our executive in chief (Thomas Markey, CEO), or
    5. When our CEO shall neither object nor direct the matter, then
    6. The view of the technical officer in chief (Nate Sales, CTO) shall prevail, unless or
    7. When the CTO does not object or direct the matter, then
    8. The majority of the board shall be recorded before such officers view or instruction may be set aside, however
    9. The duty director shall generally approve all changes unless they do not comply with
      1. These policies and procedures or otherwise, or articles, and/or
      2. The express stated wishes of one or several directors, and
      3. Should state a reason for rejecting the change, ideally in terms of one or several references to our procedures.
  2. Routine changes, such as to reassign IP addresses, etc. are made with the authority DDO and may be delegated.
  3. Changed deemed as projects (e.g having tenant impact, etc.) additionally require approval from our Head of Projects (Nik Anderson, HOP) prior to review by DDO.
  4. Further and other procedures may within a stated and narrow scope enable specific changes to be considered as routine, when and given
    1. Such procedure each (or by cooperation between several processes together) shall not circumvent the due notification of the offices of individuals here listed, and
    2. Such procedure which are new and/or changed each shall be placed before the board of the directors of fosshost
      1. initially before they may become effective, and
      2. periodically for review, however
      3. once effective each shall remain effective until replaced (as described in our policies) or objected to/removed by the board of the directors of Fosshost.

Emergency Maintenance

  1. The duty director of operations shall be notified of any emergency maintenance
    1. Notification shall be made to the directors within 24hrs after or within 2hrs during any emergency maintaince,
    2. And the secretary shall report to the directors and to board of the directors of Fosshost following such, and otherwise and after
  2. For the purpose of restoration of service emergency changes are summarily approved by the duty director upon completion of any otherwise required process.

Public Relations

  1. The volunteers who support our public relations effort may be and are often subject to information before others within our organization.
  2. In this work we routinely use other formats and/or systems and may store internal use information on those systems, which are not generally reported from.
  3. Neither fosshost nor any given volunteer can be responsible for loss or exposure of information due, for example, to a breach of such a system, except in case where otherwise fosshost or such volunteer would be a party such a breach, or other similar malfeasance.

Defining and Prioritizing Projects

SUMMARY

The alignment of the head of projects (Nik Anderson, HOP) or a specifically named delegate or a director of Fosshost shall be recorded, and some criteria are suggested.

ITEMS

  1. The HOP shall generally forward for scheduling of implementation (“approve”), each project which
    1. Has a clearly stated direct value to our tenants, volunteers, and/or community, and
    2. Aligns and supports our process and/or includes the required changes updating them along with delivery/completion of the project, and
    3. Provides a warranty of intention to support by specific individuals where general understanding may not yet exist within our team, and
  2. The HOP also shall generally decline to forward (“reject”), each project which
    1. Conflicts or appears to conflict with or circumvent or otherwise avoid the reporting or information handling or otherwise our policies and procedures, or which
    2. Conflicts with a specific and direct written order from a director or from the board of our directors, or which
    3. Is generally or appears seriously disliked or not well understood by the team, e.g. our volunteers.

Scheduling Criteria

SUMMARY

Alignment from the duty director of operations (DDO, generally Deputy Director of Operations, Hope Christensen, or as delegated) is generally a formality based on circumstances, however planed changes to network (excluding work to and within test and development infrastructure of our own), come in two phases: Scheduling a change, when we consider it’s readiness, and implementing the change, when we ensure no other complications appear to exist before we begin. Scheduling can involve careful consideration, even learning how new technologies will interact with our network and our work supporting it. Final change alignment is generally evident from circumstance.

ITEMS

  1. The DDO shall generally forward projects and schedule them for release when
    1. If they are projects, the HOPs alignment is noted, and
    2. When such public facing changes as may be required can and will be completed as part of the implementation, and
    3. When tenant impacts are known and verified, and
    4. At least two volunteers who are not the proponent of note, or one volunteer who is also a director, have reviewed and tested and otherwise aligned to the change, or
  2. The DDO shall generally decline to forward (“reject”) when
    1. There is no clear proponent for a change, or
    2. A number of volunteers claim unfamiliarity including inability to freely access references, review configuration, etc., or
    3. When the change replaces something better documented especially as within our procedures, or
    4. When a director has in writing objected, or
    5. When directed by the board not to forward the change. or
    6. When otherwise finding the change may not be ready for release, and
    7. And upon so documenting and reporting shall reject the change generally without prejudice.
  3. The DDO shall generally implement and/or approve to implement (“approve”) such changes as may be scheduled, except
    1. Upon finding an emergency change or otherwise significant network activity not anticipated for the change window, or
    2. When otherwise concerned, for example related to the stability or testing, or similar or other concerns, then
    3. The DDO shall revert the planned change once again for scheduling, and so report to the secretary and directors.

Technical Criteria

SUMMARY

This procedures provides a generic process for cross-checking a given software change installation/configuration/reconfiguration is ready for scheduling. In some cases individual ITEMS (and associated reporting, if any) may not apply.

ITEMS

  1. Testing -
    1. Has the change been tested?
      1. YES: link to test results
      2. NO: verify director alignment
      3. NO TESTING POSSIBLE: If a 1:1 test is not possible, document anything we did to be confident the change is correct/will work as expected.
  2. Stakehoder Alignment
    1. N/A, change doesn’t have significant stakeholders
    2. Pending change communication and notification planning
    3. Stakeholders communication is partially complete
      1. State any other communication/notification (when and any template for each) required
    4. All stakeholder communication was verified and/or has been included as part of the change plan.
    5. Should this change be considered for a future press release or blog post or other self-promotion?
  3. Technical Change Impact
    1. Public and Tenant Facing Documentation
      1. N/A, no such document is related to the change
      2. Included, all documentation updates are included as part of this change
      3. As instructed
    1. State any documentation that should be updated (when and repo/process document for each)
      1. TBD, externally facing documentation impact is unknown
      2. Incremental, some related documentation is out of date now and will remain so after the change
      1. Are new technologies (e.g. programs, web-services, architectures, virtualization techniques, etc.) included with the change?
        1. If YES, for each, how many Fosshost volunteers understand the new tool/service/application well?
      2. Are any technologies or approaches retired or eventually replaced by this change?
        1. If YES, Describe any remaining work to retire/replace not completed by this change.
      3. Is our process and other critical internal documentation current with respect to this change?
        1. Operating Model (Procedures)?
        2. CMDB
        3. Blueprints (and/or Roadmaps)
      4. When will the change take place?
        1. When will it start?
        2. Planned duration?
        3. Does this include time for backup/testing/backout? (How much?)

Operational Logging

SUMMARY

Fosshost keeps many logs and other similar records of and related to it’s activities. This procedure provides for two general types, one of which is used to provide the public account shared (initially) with directors on an on-going basis, and the other for internal non-reporting systems, which are generally accessible to more of our volunteers or used for other specific purposes.

ITEMS

  1. We shall maintain logs and other records until they are by policy or by order of the board removed, and
  2. We shall maintain separately and carefully any such records as may over a long period in time as with our vital records, and
  3. Some information and information systems may different requirements based on how we used them, including
    1. Systems used for reporting and vital records (“Reporting Systems”), which shall
      1. Contain, even when or by reference any and all such information, as
      2. for a director or other officer named by this or other of our policies, to
      3. review and report such and all related activties of the organization, as
      4. said officer or director shall control or otherwise have right to review on our behalf, given
      5. any and all technology and systems access and credentials needed are duly given, or otherwise
    2. Systems not used for reporting but otherwise used internally (“Non-Reporting Systems”, “Other Internal Systems”)
      1. May contain information that is non-reportable (such as internal and 3rd party communications), and
      2. May contain information that does not represent the views or position of Fosshost or our directors or other volunteers, and
      3. Officers or others requiring access (e.g. for example, officers named in this policy) that access shall be given as required, when
    1. A given system is routinely referenced in Reporting Systems, or
    2. Upon duly written request from any director, and otherwise
      1. We grant access to systems, including where that access may include the ability to delete or review logs, when
        1. A specific need exists for a person to access or routinely access a technology or system or systems, or
        2. When our policy or legal or other requirement compels us to do so, however
        3. We may at our digression follow other procedures, and
        4. Such other procedures may be
    3. given below, for example by reference, among our procedures, or otherwise by
    4. exception, duly recorded as described above and elsewhere herein, and
  4. Logs of any kind which serve no purpose may be removed/deleted
    1. at any time at our sole digression, however
    2. we perform such deletion or removal by default automated means in most cases, or otherwise
    3. such manual deletion of logs as we may order or detect may be recorded as a Planned Changed or Emergency Change, or is otherwise reported, thus
  5. Notwithstanding our officers and such rights and obligations as each may have (for example to inspect and otherwise audit Reporting Systems and those referenced),
    1. Access to any of our systems is a privilege, and
    2. May be revoked at any time, and
    3. with or without cause or any reason stated, and
    4. At our sole digression, but only given when
    5. You consent to these and other terms.
  6. Reporting Systems shall not directly store, but may reference incorporate, information
    1. Making or containing reference to a specific person not also referenced by that same name elsewhere in our policies and procedures, or
    2. Including or referencing communication not intended to/for Fosshost or otherwise not clearly related to our acitivites, or
    3. Making or containing reference to events not pertaining to the activities of Fosshost
  7. Non-Reporting Systems may and do store such information as may be required or convenient to and for our organization, however
    1. We regularly inventory, audit, and otherwise account for all of our internal systems, and
    2. Similarly, we do inventory, audit, and otherwise track access to all our internal systems,
    3. And we do report and consider as vital records all such inventories and audits and their findings.

ADMINISTRATIVE

We intend to document or otherwise describe nearly all of our internal procedures, while some details may be redacted and/or stored in more private repositories, we try to provide clear parameters around what we cannot publish, and to publish as much detail would be prudent and courteous and not more.

The items in this section describe tasks which are generally administrative but may include or reference other (e.g. more technical or more general) procedures elsewhere described in more detail. Additionally, some details such as specific system names, symbolic links, keys, or other identifiers other than the names of people may be removed, replaced with placeholders, obscured, or otherwise concealed in those versions of our policies and procedures such as we make available publicly or otherwise than for our own (otherwise unrestrained) internal and necessary use.

Keeping the Operations Log

Basic Ticketing

Requesting credentials

Reviewing Applications

On-boarding

Facilities

Other (Sponsors and Vendors)

Updating the Asset Catalog

Shipping and Receiving

Special Handling for Reimbursable Receipts

Accepting and Transferring Donations

Running Meetings

TECHNICAL

Testing Your Credentials

AARCH64

AARCH64 Tenant Provisioning

AARCH64 Creating Clusters

AARCH64 Adding and Removing Nodes

AARCH64 Troubleshooting

General or x86 Specific

Tenant Provisioning

Credentials

Provision Tenant Credential
Provision Volunteer Credential
Removing Credentials

New or Changed or Replaced Nodes

Racking Hardware
Provisioning Hypervisors
Restoring or Replicating a Node
Pooled Disc Replacement
Adding SSD
Troubleshooting Hardware Node Installation and Change

Mirrors

Add a mirror
Remove a mirror
Mirrors Troubleshooting

Email and Web Hosting

Provision a domain/project
Remove a domain/project
Email and Web Troubleshooting

DNS

Domain Registration
Domain Renewal
Reverse DNS
DNS Troubleshooting

OVERSIGHT

Reporting Malfeasance and Abuse

Reporting Accounts Payable

Reporting Donations in Summary

Reporting Data Breach or Compromise

Reporting Termination of Service

Reporting Completed Changes in Summary

Reporting Proposed Changes to Policy and Procedure

Reporting Architecture and Design

Reporting Technology Changes

Reporting Outages

Reporting Applications Processed

Providing a Summary Report to the Board

Special Procedure for Board to Stand Generally In Recess

INCOMPLETE AND OTHER

scraps, extended notes, references, and clarifications

items may each include, or may by specific reference to other items, include summary, general, technical, and proposed or authoritative descriptions including such delegations as we have agree to make and specifically agree to. Considering this document as including by reference all duly referenced documents and other information, and given access to all sources of such information as may be necessary to fully and completely perform in good faith any and all audits, retention of records, or other specific duties any director or some other volunteers is or may be entitled or obligated to perform, this and no other document or sources except those as we may duly reference or make regular and known exception to reference related to, and not any other document or other contract or device controls or otherwise compels our organization or it’s members/representatives, who seek at all times to act in the public good to create and demonstrate benefit to our community.

NOTE: Sections may include by reference additional language and descriptions that narrow or further specify and clarify some or all of our practices, and may include references which aren’t and may never become public. Such are generally considered in terms of known exceptions to our transparency policy and documented as such, however they are in all cases specifically and, even if when by explicit reference to a private or other protected system may have been redacted, otherwise complete and true as for someone with full and complete access to the set of records including those referenced as a single set of information taken at a specific point in time.

Otherwise, no allowance for any change to the above or other below information (e.g. beside narrowing and adding of specificity, etc. updates for currency, and other maintenance as may have been or already be defined or allowed for) is changed nor is intended to be changed in or by ITEMS below except that the ITEMS below are intended to be simpler in nature, potentially each describing a simple (however technical) sequence of steps, and for the express purpose of simplifying such as may be below, the maintenance thereof, and enabling the swift and appropriate delegation of effective authority within our organization to effect changed based upon our agreed to processes, including those

And where helpful in clarifying and otherwise understanding, as to accept or otherwise if and when they may be effective, some policy or procedure described whether outlined or in detail by this procedure, or by inclusion herein recognized (for example, for later inclusion by reference) such as standard and regular exceptions to our usual process, such as we duly record and may hereby acknowledge, however, and otherwise, each procedure or other regular and routine construction to satisfy our obligations, for example under our articles or policies, which document or otherwise reference its own accounts of such exceptions.

such as to make a specific and limited scope of authority( or meaning to reference as to fully describe the actual or intended practice and provide and the most full and accurate description available as to its complete meaning and necessary effects on our organization and otherwise to provide and/or provide by reference the complete work. Unless as may be noted in our articles or otherwise above

From time to time, such as for information we deem to be for internal use only, certain specific systems and/or information or mechinisims for interacting with these systems or information may be described in significant part elsewhere and used to limit such reference, information may be stored or managed by procedure or referenced cannot be published referenced more directly here. Where, and to the extent available detailed technical as well as human oriented information may be included or referenced. In some cases, restricted or other internal use information may be directly or otherwise significantly cause risk or injury to Fosshost, or our tenants, supporters, etc. community should they exposed, expressed, described, or more directly referenced herein, in which case the below ITEMS may provide reference and constraint and thereafter permit our of some or several internal use system or record or other information, when and only when, if not constrained by such and/or similar restrictions if expressed most simply and directly herein, wherefore ITEMS below may, express and/or including by description and reference any and all obligations, restrictions placed on Fosshost or by Fosshost on others whether directly as a result of our intended activities as may be and are authorized under this complete work, taken together and considering it with all referenced or otherwise explicitly incorporated works general as all any full and complete as technical and specific authorities for some or all of those empowered or otherwise guided by our organization, such as while volunteering for or receiving service from Fosshost.

Notwithstanding this SUMMARY and below NOTE, which other than this sense may be by procdure, including the nature, meaning, and effect of the below NOTE

in terms of both general and, where possible and completed, specific and technically accurate and complete documentation of our methods and approaches. In so far as we have governing internally maintained documentation or have otherwise provided any framework to create or use or otherwise use information other than our own best judgment including our full and complete knowledge and belief, that documentation, or reference and outline for that documentation including, where available such as eventually by following of documented and consistently available for them, have agreed to do so, and/or whereas we are working toward those goals.

For each sub-section, a write a new procedure trying to including as much as possible of/from

  • a specific practice, why and how to do it, and how that is working out for us, including
    • a clear description of the procedure in terms of how complete it is,
      • Design - it has been added to this document and not otherwise removed subsequent to any other article or procedure.
      • Adoption - it has been sponsored or forwarded by rule for further consideration up to and including a specific date and time when it shall become effective
      • Implementation - it is our effective and binding policy now and we may report on our compliance with it
      • Satisfaction - in any cases where not otherwise removed subsequent to other article or procedure, feedback is welcome.
    • for new things, the specific path or course of action proscribed, who’s affected, their feelings and concerns
    • discussing/raising known and routine exceptions to other policy, if any
    • a description of how this may or should influence our network and services, and
    • any accepted understanding or theory you may have as to how our partners such as tenants or sponsors are, would be, or may be affected, and
  • include complete step-by-step technical and specific means to follow each step, whatever possible focusing first on
    • end-users (who may be trying to learn new things volunteering with us)
    • or developers (who may be trying to get something we need working)
    • And generally focusing on human facing detail (so that people can understand what we are doing, how we are doing it, and why).
  • and without fear of judgment or reprisal
    • provide only much of these as you are reasonably able. e.g., with a give commit/PR/hunk-of-your-time/etc.
    • frankly set forth alternatives in terms of and/or contrasted with our stated and aligned objectives
    • and at your own level of skill/language proficiency/etc. as best your are able and have time
  • and may create or establish roles
    • in the from of such and specific person or persons with our organization and including our partners and community, and
    • given and by generally mutual acknowledgement and consent, or
    • by specific delegation by policy or procedure, and in either case
    • when and as the directors shall agree and the secretary so record.

And whereas these are for our internal and external practices. specifically:

  • defining a general practice for decision making including information categorization
  • listing the categories of information we recognize
  • describing the purpose and intent of procedures specifically established by our policy for handling information
  • describing how we create and maintenance procedures considering the information sensitivity and other factors

Some too portion of the complete set represented by all policies and procedures may secret, in that to some degree or in some parts they may be internal-use only. For example for example, certain source code, branches, ticketing notes or other documentation may contain such information or by reference or inference touch upon privacy controls or specifically controlled information as we may retain and/or use for internal or other purposes as elsewhere in our policies and procedures specifically specified, wherefore items included herein and by reference, even as may be as specifically made internal-use or otherwise classified not for distributor/publication, e.g. to the public, are not to be distributed otherwise and expect and documented specifically herein and above, and within confine and by these extensions this is our full and complete reference in our policy and procedure, including for example such details in terms any or all a known exceptions, or and reported on as so described herein as such, with the provision that no further act lower in this policy or procedural guidance above the prior items is to be construed as relinquishing the authorities or responsibility defined under our articles or above as items of our policy, though they may delegated as a matter of course where well demonstrably established as routine and regular and duly reported as may regard within this single document including such private references as it may to be considered complete require.

CONCLUSION

NOTE: this concludes our policies, refer to the information above for any completed or other procedure and/or policies and procedural language work-in-process, documentation and references regarding FOSS products and services we directly or by extension provide along with their licenses and any unique guidance or perspective we may have regarding our use, and such else as we may include or allow to be included and generally to demonstrate or effect or otherwise progress toward that herein and/or as duly referenced, and whereas we may (as prudent and courteously, publicly) provide for a transparent reliable alternative for FOSS projects, attending to their regular and necessary internet services and for such hosting needs without charging them or anyone specifically for any given services, and this including all of the above and below including those public external or private internal and secret forms referenced herein. and together these with our articles as filed with the office of the UK CIC regulator form or as may be ammended and duly recorded herein while our articles are being reflied or updated or otherwise consistude by or for this or a similar authority, and when taken together all of these for our complete and sole policy and/or procedure, and otherwise no document or contract controls the actions of our directors or other volunteers without it is expressly and duly provided for and reported herein.

About

Our operating model stated in terms of our legal and ethical obligations.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published