Now that we have released the slightly updated version of Debian’s Machine Usage Policy (DMUP), I am thinking about a major rework for the next version. Maybe we should even start with a completely new text for it. I am currently doing a bit of brainstorming about how the new version could look.
Here are some of my ideas (completely unsorted):
- Debian is not an ISP. All services are offered on a best-effort basis. While we provide @debian.org email addresses, they should only be used for Debian-related work.
- Debian resources should be used for Debian-related work only. Even though I think this is self-evident, it should be explicitly mentioned.
- Data meant to be private should stay private, and not mirrored elsewhere. This especially includes log files and subscription data of any kind. I am not sure yet what to do with anonymized data, but in my personal opinion we should not even allow mirrored data of that.
- Drop large parts of the document and move it to a new document, called Debian Machine Usage Guidelines or Debian Machines Best Practices. Some parts of the current document are outdated, so let’s see if we can drop those entirely.
- We forbid unlawful activities on our machines. Machines should not be used for private financial gain or for commercial purposes.
- Penalties might need some rework, in coordination with DAM.
Please note that this brain dump is my very personal opinion and does not reflect the opinion of the complete DSA team.
I would like to see a discussion on what the new DMUP should look like. Even though the final decision on which paragraphs make it into DMUP should stay with DSA, I think the Debian community should be involved in the evolution of this document.
Even though i am not attending DebConf10 (actually I think no one from DSA will make it), it might be a good idea if the conference could be used to do some further brainstorming. Maybe having a BoF on DMUP 2.0 might be a good idea.