User:Mstone/Commentaries/Infrastructure 1
Jump to navigation
Jump to search
Here are some proposed requirements for a software system and procedure for communal maintenance of infrastructure:
- Data integrity
- It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.
- -- Reason: if you're concerned about a system then you probably don't know whether any secrets it contained are still secret.
- Timely access
- Failures of otherwise critical pieces of infrastructure should not inhibit timely read or write access to the reference documentation.
- Credential rotation
- When people leave the VIG, it should be easy to remove their access to secrets created after their exit.
- If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.
- It should be easy to add give new VIG members access to current secrets.
- Publishability
- Secrets should be carefully separated from public knowledge (e.g. with encryption or quarantine) so that everything else can be published.