This repository was archived by the owner on Apr 23, 2024. It is now read-only.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2021-11-14 Sun 03:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Our Policies</title>
<meta name="author" content="Corwin Brust" />
<meta name="generator" content="Org Mode" />
<style>
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
</style>
<link rel="stylesheet" type="text/css" href="https://fniessen.github.io/org-html-themes/src/readtheorg_theme/css/htmlize.css"/>
<link rel="stylesheet" type="text/css" href="https://fniessen.github.io/org-html-themes/src/readtheorg_theme/css/readtheorg.css"/>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
<script type="text/javascript" src="https://fniessen.github.io/org-html-themes/src/lib/js/jquery.stickytableheaders.min.js"></script>
<script type="text/javascript" src="https://fniessen.github.io/org-html-themes/src/readtheorg_theme/js/readtheorg.js"></script>
</head>
<body>
<div id="content" class="content">
<h1 class="title">Our Policies</h1>
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#org27de362">1. SUMMARY</a>
<ul>
<li><a href="#orgb7b751b">1.1. Overview</a>
<ul>
<li><a href="#orgd531c0c">1.1.1. About Us</a></li>
<li><a href="#orga24c3ba">1.1.2. INCOMPLETE DRAFT</a></li>
<li><a href="#org41aa1af">1.1.3. Introducing "Our Policies"</a></li>
<li><a href="#orgb3c42dc">1.1.4. How We Organize (Our Policies)</a></li>
<li><a href="#org975c708">1.1.5. Document Sections and Sub-Sections within POLICY and PROCEDURE Sections</a></li>
<li><a href="#orgd601c72">1.1.6. The README file</a></li>
<li><a href="#org9b9ba6b">1.1.7. Conflicts</a></li>
<li><a href="#orgd23597a">1.1.8. More About Us</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div id="outline-container-org27de362" class="outline-2">
<h2 id="org27de362"><span class="section-number-2">1.</span> SUMMARY</h2>
<div class="outline-text-2" id="text-1">
</div>
<div id="outline-container-orgb7b751b" class="outline-3">
<h3 id="orgb7b751b"><span class="section-number-3">1.1.</span> Overview</h3>
<div class="outline-text-3" id="text-1-1">
</div>
<div id="outline-container-orgd531c0c" class="outline-4">
<h4 id="orgd531c0c"><span class="section-number-4">1.1.1.</span> About Us</h4>
<div class="outline-text-4" id="text-1-1-1">
<p>
<a href="https://fosshost.org">Fosshost</a> is a not-for-profit "cloud" provider.
</p>
<p>
Our volunteers offer self-hosting at no cost to Free and Open Source Software projects which must apply for our services. Projects must meet eligibility criteria, for example publishing using a FOSS license.
</p>
</div>
</div>
<div id="outline-container-orga24c3ba" class="outline-4">
<h4 id="orga24c3ba"><span class="section-number-4">1.1.2.</span> INCOMPLETE DRAFT</h4>
<div class="outline-text-4" id="text-1-1-2">
<blockquote>
<p>
This is an unfinished work in progress.
</p>
</blockquote>
<p>
This document ("our policies") does not become effective until approved by our board of directors. When that occurs we'll update this section to reflect the date when our policies became effective.
</p>
</div>
</div>
<div id="outline-container-org41aa1af" class="outline-4">
<h4 id="org41aa1af"><span class="section-number-4">1.1.3.</span> Introducing "Our Policies"</h4>
<div class="outline-text-4" id="text-1-1-3">
<p>
Our policies can be a little complicated. Simply put, our policies create a structure for running our project.
</p>
<p>
The documents in this repository help us organize Fosshost ("the project"). Taken together, we refer to them as "our policies" or (occasionally) "this work", "this document", "these documents", etc.
</p>
</div>
<ol class="org-ol">
<li><a id="org375d025"></a>Sharing and Reuse of Our Policies<br />
<div class="outline-text-5" id="text-1-1-3-1">
<p>
We have designed our policies to be of general use to the Free and Open Source Software community.
</p>
<p>
We hope that you find them instructive and useful when creating organizing materials for your own projects.
</p>
</div>
</li>
<li><a id="orgb3f8898"></a>Dual License of/for Our Policies<br />
<div class="outline-text-5" id="text-1-1-3-2">
<p>
Our Policies (including all of the sections/parts/etc included herein) are made available dual-licensed according to the terms as specified by:
</p>
<ul class="org-ul">
<li><a href="https://www.gnu.org/licenses/fdl-1.3.html">GNU Free Documentation License Version 1.3</a> or (at your preference) any newer version of that license ("GFDL1.3+"), and/or</li>
<li><a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution-ShareAlike Unported License version 3.0</a> ("CC BY-SA 3").</li>
</ul>
<p>
Modified/derived versions may be created/distributed under the terms of either license linked/referenced above or, to the extent allowed by the terms of these licenses, both.
</p>
</div>
</li>
</ol>
</div>
<div id="outline-container-orgb3c42dc" class="outline-4">
<h4 id="orgb3c42dc"><span class="section-number-4">1.1.4.</span> How We Organize (Our Policies)</h4>
<div class="outline-text-4" id="text-1-1-4">
<blockquote>
<p>
Well organized work is accountable, repeatable, and trust-worthy.
</p>
</blockquote>
<p>
All of our work should be well organized.
</p>
</div>
<ol class="org-ol">
<li><a id="orgb3b032a"></a>Handle Change Deliberately<br />
<div class="outline-text-5" id="text-1-1-4-1">
<p>
We seek to maintain a clear and minimum effective organizational structure. Our organizing practices must be transparent (within the publicly stated confines given), and accountably demonstrate the trust-worthiness of our overall organization.
</p>
<p>
Given the velocity (and potential velocity) of change from an information governance (as well as regulatory governance) standpoint, we consider it prudent that we consider our agility to respond to changes, for example of expectations of/for/upon us, in a purposeful, timely, and deliberate manner.
</p>
</div>
</li>
<li><a id="orgc2746a3"></a>Document Risks and Controls<br />
<div class="outline-text-5" id="text-1-1-4-2">
<p>
This includes our manner for handling changes, broadly considered, for example including setting CONTROLS and MEASURES to create Accountability Measures related to our stated goals, as documented by our Officers, Directors, etc. as otherwise may be expressly described in and by Our Policies.
</p>
</div>
<ol class="org-ol">
<li><a id="org2cb253f"></a>Information Security Disclosure: Risk, Control, and Measurement Documentation<br />
<div class="outline-text-6" id="text-1-1-4-2-1">
<p>
Versions of this documentation set may include internal information, considered as confidential by Fosshost.
In such cases, this document will have been marked CONFIDENTIAL.
</p>
<p>
Whether or not this document contains sensitive information, we may have used such information to "generate" some or all of it, for example to produce any publicly stated measures included such as the count of tenant projects we currently support. This is "aggregate information", and not sensitive unless otherwise indicated.
</p>
<p>
Implementing this requires carefully gathering and maintaining verifiable and accessible versions of certain information, for example sometimes detailed or "verbatim" records (e.g. notes, recordings, etc.) of our internal or other communications and routine (or unusual) work.
</p>
<p>
Just as with the work underlying maintenance for any complex inter-networked tool-set (FOSS or otherwise), these "requests" (and any such similarly intended requirements) can feel cumbersome. They often seem to come when (and particularly frustrate us just as) we are reaching particularly interesting times, from an SDLC perspective.
</p>
<p>
Moreover, they increase our overall risk potential in case of a serious incident involving loss or theft of information not classified by Fosshost as appropriate for some actual dissemination.
</p>
<p>
To mitigate potential harm in case of such an incident we have established certain guidelines:
</p>
<ul class="org-ul">
<li>We do not store information we don't need or expect to need.</li>
<li>We prioritize and normalize removing information we do not need as part of daily operation.</li>
<li>Where possible for confidential information (or otherwise where necessary) we mask data.</li>
<li>We undertake to publicly disclose the general types of information we are regularly storing.</li>
</ul>
<p>
However:
</p>
<ul class="org-ul">
<li>We collect and retain certain information as a part of our everyday operation.</li>
<li>We are generally free to measure and use this information as needed.</li>
<li>Rules within Our Policies must help us classify and safeguard information.</li>
<li>Risks and Controls allow us to measure the actual safety of information in our charge.</li>
<li>The information kept for measurement purposes can expose us to additional risk.</li>
<li>We (generally) identify risks and select and measure controls at our discretion.</li>
</ul>
<p>
And, meaning:
</p>
<p>
At our sole and absolute discretion (except and always per/according to due process of law and the will of our regulators, community, volunteers, etc.), we may (and sometimes must if, for example, according to Our Policies, etc.) identify/measure certain risks and controls.
</p>
<p>
At times, such measurements may influence and/or include (or be accompanied by, e.g. link) outcomes, which we may document such as to include and/or reference the names (etc.) of our tenants or volunteers (for example and especially our directors and officers, etc.) and other sensitive or potentially sensitive information, and to incorporate some or all of this/these into the extracts we create of/from/respecting Our Policies.
</p>
<p>
As with any information we possess, should we become aware via use of this information of misconduct, for example violations of our terms of service, et al. (for example, including violations of any volunteering or sponsorship agreements, of Our Policies by someone who has accepted and affirmed them, etc., our articles, etc.), then we may (and in some cases must) act on such information.
</p>
</div>
</li>
</ol>
</li>
<li><a id="org4325fb2"></a>Maintain Risks and Controls in Terms of Measurable Things<br />
<div class="outline-text-5" id="text-1-1-4-3">
<p>
Extracts must each consider the full set of references to correctly create the intended result/set of results.
</p>
</div>
<ol class="org-ol">
<li><a id="org2851ce3"></a>Critical Cross-References<br />
<div class="outline-text-7" id="text-1-1-4-3-0-1">
<p>
We must create Critical Cross-References (such as for Risks, Controls, related Measures, Performance, RESULTS, etc.), before calculating/writing the final output from any extract.
</p>
<p>
For example, Indexes (such as Cross-References) must be completed/created (or verified as, etc.) prior to finalizing any files created against the entire set, within the scope of the present operation. In context of creating an extract, the scope of the present operation is the files in (and in sub-directories of) the present context file/folder considered as we iterate folders and files starting from <code>README.org</code> (then <code>README.MD</code>, the other files, then folders, etc.) within the <a href="#orgc6cc2f9">1.1.4.4.1</a> root.
</p>
</div>
</li>
</ol>
<li><a id="orga22aa49"></a>Risks<br />
<div class="outline-text-6" id="text-1-1-4-3-1">
<p>
We must measure risk as something which poses a real or perceived negative outcome for our project, and must do so in terms of specific outcomes which can (and in some cases must) relate to others, including internally, to government/regulators, publicly, etc. ("Risks", "Measurable Risk", etc.).
</p>
</div>
</li>
<li><a id="org38755b7"></a>Controls<br />
<div class="outline-text-6" id="text-1-1-4-3-2">
<p>
We define Controls in order to consider a Risk as deliberately mitigated and, moreover, to measure our controls in terms of all of our organizing materials, so as to consider accountable those of our volunteers who have undertaken this - that is, those of us who may deliberately seek (on a best effort basis) to identify and mitigate Risk may (and in most cases must) also define the Controls that relate.
</p>
</div>
</li>
<li><a id="orga2ec167"></a>Meta-data for Risks and Controls<br />
<div class="outline-text-6" id="text-1-1-4-3-3">
<p>
We define both Risks and Controls using meta-data post-fixed to a section/sub-section/etc text.
</p>
</div>
</li>
<li><a id="org0109ecd"></a>Rules for Extracts Measuring Risks and Controls ("Extract Accountability")<br />
<div class="outline-text-6" id="text-1-1-4-3-4">
<p>
Thus, we must exert certain rules/assertions to influence the proper creation of each extract.
</p>
</div>
<ol class="org-ol">
<li><a id="org65ae2d3"></a>BEFORE Creating Files - complete these before writing any (other) Cross-Reference<br /></li>
<li><a id="org7afcfe8"></a>CREATE Control List - an index of all Controls, written to the working directory<br /></li>
<li><a id="org56c5998"></a>CREATE Risk Registry - an index of all Risks, written to the working directory<br /></li>
<li><a id="orgc4da00c"></a>CREATE Risk and Control Cross-Reference - an index of one-way and mutual references<br /></li>
<li><a id="org24ffca2"></a>STOP - this rule-set stops, continue other required processing<br /></li>
</ol>
</li>
</ol>
</li>
<li><a id="org299ea6a"></a>Maintaining "Our Policies"<br />
<ol class="org-ol">
<li><a id="orgc6cc2f9"></a>Repository<br />
<div class="outline-text-6" id="text-1-1-4-4-1">
<p>
The canonical repository ("repo", "the repository") for Our Policies is on GitHub:
</p>
<p>
<a href="https://github.com/fosshostorg/policy">https://github.com/fosshostorg/policy</a>
</p>
</div>
</li>
<li><a id="org15692ba"></a>Contributing<br />
<div class="outline-text-6" id="text-1-1-4-4-2">
<p>
You can share your input and suggestions using GitHub issues, by opening a <a href="https://support.fossho.st">support request</a>, or by joining our chat via <a href="https://libera.chat">Libera IRC</a> or <a href="https://discord.gg/foss">Discord</a> in the #fosshost-feedback channel, and naturally... patches welcome :)
</p>
</div>
</li>
<li><a id="org7a82d1b"></a>Folders in the Repository<br />
<div class="outline-text-6" id="text-1-1-4-4-3">
<p>
The top-level folder of the repository contains <a href="#orgd601c72">the README file</a> and all of the documents (and folders of documents) that contribute to each section of the README file. Given documents (or entire folders) in the repository may not contribute to the README file; for example, we may exclude early drafts of policy and long-retired practices.
</p>
</div>
</li>
<li><a id="orgbb193f1"></a>Consolidated and Abstracted Extracts<br />
<div class="outline-text-6" id="text-1-1-4-4-4">
<p>
We use a process automated on check-in of changes to the <a href="#orgc6cc2f9">1.1.4.4.1</a> to update any Consolidated or Abstracted ("extracts", "extracted") versions of Our Policy.
</p>
<p>
We must consider all files in the Repository, when creating each Consolidated or Abstracted extract.
</p>
</div>
<ol class="org-ol">
<li><a id="orgf5d8473"></a>Consolidated extracts must form complete versions of Our Policy.<br /></li>
<li><a id="orgc2d059e"></a>Abstracted extracts may contain a less than complete version of Our Policy.<br />
<div class="outline-text-7" id="text-1-1-4-4-4-2">
<p>
For example, we may extract content only from files/folders necessary to understand a given Policy (including its procedural scope/impact), or to execute/implement a given procedure (including seeing the policies it applies), or to summarize Risks and CONTROLS in terms of their related MEASURES.
</p>
</div>
</li>
</ol>
</li>
<li><a id="org74664d1"></a>Using Numeric Prefixes When Naming Files and Folders in the Repository<br />
<div class="outline-text-6" id="text-1-1-4-4-5">
<p>
To ensure consistency as we update Our Policy, we should name files and folders in the Repository starting with a numeric prefix corresponding to the placement of the content of the file(s) involved in the README file.
</p>
<p>
Numeric prefixes for file and directory names in the <a href="#orgc6cc2f9">1.1.4.4.1</a> are one hexadecimal character or a string of them (in the range <code>[0-9a-f]</code>), and must be separated from the rest of the file-name with an underscore (<code>_</code>).
</p>
<p>
The rest of the filename (that after the hyphen) is generally taken from the section/sub-section heading or first sentence content from the file.
</p>
</div>
</li>
<li><a id="orge26de17"></a>Extract Example<br />
<div class="outline-text-6" id="text-1-1-4-4-6">
<p>
<a href="#orgd601c72">1.1.6</a> is an example of a Consolidated extract of our policy.
</p>
<p>
To create the README file (and other complete and partial "extracts" of our Policy), we read each file in the repository.
</p>
<p>
We start with those in the top-most (root/parent) folder of the Repository, then recurse into sub-directories.
</p>
<p>
We use an <a href="https://ux.stackexchange.com/questions/95431/how-should-sorting-work-when-numeric-is-mixed-with-alpha-numeric">alpha-numeric</a> sort to select which files and sub-directories to process first (after <code>README.org</code> and <code>README.md</code> if any).
</p>
</div>
</li>
<li><a id="org1dc8315"></a>Source Formats<br />
<div class="outline-text-6" id="text-1-1-4-4-7">
<p>
We use <a href="https://pandoc.org/">Pandoc</a> to convert between Org (<code>org</code>) and Markdown (<code>md</code>). We consider each file of either format in this order (in cases where both an <code>org</code> and <code>md</code> formatted version exist).
</p>
<p>
We prefer the content from the most specific, more recently changed source files.
</p>
</div>
</li>
<li><a id="org757f3b7"></a>Traversing and Merging Documents and Sections<br />
<div class="outline-text-6" id="text-1-1-4-4-8">
<p>
To create <a href="#orgd601c72">the README file</a> we consider each file in the <a href="#orgc6cc2f9">repository</a>.
</p>
<p>
We start with the top-level <code>README.org</code> (if any), add and update from <code>README.md</code> (if any), then recurse into sub-directories in
</p>
<ul class="org-ul">
<li>When <code>README.org</code> exists, we start with the top-level <code>README.org</code>.</li>
<li>When <code>README.md</code> is newer than <code>README.org</code>, we update <code>README.org</code> from <code>README.md</code>, overwriting all overlapping sections.</li>
</ul>
<p>
Not all files in the repository contribute to the README file. Files in the repository
</p>
<p>
Each of those files represents a draft or completed and in-force policy. All in-force policies and approved procedures must be used (or considered, and expressly omitted for good cause) to create the README file. Any other version of our policy that is considered complete or a complete cross-reference regarding or for a specific use must similarly consider all of the in-force policies in the <a href="#orgc6cc2f9">1.1.4.4.1</a>.
</p>
<p>
Each document in the repository may be an in-force policy or procedure, a part of one of these, or a draft or argument for or against or proposing to create, change or remove one or more policies and procedures.
</p>
<p>
Our Policies are divided among three sections:
</p>
<ul class="org-ul">
<li>SUMMARY,</li>
<li>POLICY, and</li>
<li>PROCEDURE</li>
</ul>
<p>
Each section may be composed from one or several documents. All documents are kept within the repository.
</p>
<p>
Individual documents contributing to the POLICY and PROCEDURE sections often contain a sub-section titled SUMMARY. When present, the content of this sub-section is extracted to the SUMMARY section of Our Policies, such that we minimize repetition needed to create a comprehensive SUMMARY section for the consolidated work (i.e. <a href="#orgd601c72">1.1.6</a>).
</p>
</div>
</li>
</ol>
</li>
</ol>
</div>
<div id="outline-container-org975c708" class="outline-4">
<h4 id="org975c708"><span class="section-number-4">1.1.5.</span> Document Sections and Sub-Sections within POLICY and PROCEDURE Sections</h4>
<div class="outline-text-4" id="text-1-1-5">
</div>
<ol class="org-ol">
<li><a id="org6ba50b5"></a>The SUMMARY section<br />
<div class="outline-text-5" id="text-1-1-5-1">
<p>
This ("SUMMARY") section is intended to help you understand (and navigate) our policies.
</p>
<p>
Its language should be simple to understand but must be consistent with the following sections, which give the specific terms we follow.
</p>
<p>
Much of the content of the SUMMARY section of Our Policy is extracted from the SUMMARY sections of individual documents; the other contents of those same documents form the POLICY and PROCEDURE sections below.
</p>
</div>
</li>
<li><a id="orgcbb442a"></a>The POLICY section<br />
<div class="outline-text-5" id="text-1-1-5-2">
<p>
Following the SUMMARY section is the POLICY section. Top-level divisions (referred to as "main sub-sections") each provide a specific policy.
</p>
<p>
Policies are described in terms of short summaries, extracted to this summary section after the overview along with a cross-reference of related Procedures (if any have been noted as subject to the given policy).
</p>
<p>
Because they seek to create specific and binding (and enforceable) language indicating a commitment between parties to do certain things certain ways, these may use obtuse, hard-to-understand language and terminology.
</p>
</div>
<ol class="org-ol">
<li><a id="org48c1cf6"></a>Policy Summary<br />
<div class="outline-text-6" id="text-1-1-5-2-1">
<p>
To help simplify the task of understanding the detailed (and binding) policy language later in each top-level section, each policy document-set comprising a top level section should start with a sub-section titled "SUMMARY" to provide a general understanding of the meaning (and intent). The composite SUMMARY sub-section paragraphs for that policy are then extracted and replicated into the SUMMARY section of the consolidated form (<a href="#orgd601c72">1.1.6</a>).
</p>
</div>
</li>
<li><a id="org601af5e"></a>Policy Terminology<br />
<div class="outline-text-6" id="text-1-1-5-2-2">
<p>
Each policy may provide a section labeled "Definitions" describing terms (and meanings) introduced within the policy and then available throughout Our Policy.
</p>
</div>
</li>
<li><a id="orgcd78035"></a>Policy Intent<br />
<div class="outline-text-6" id="text-1-1-5-2-3">
<p>
Each policy must provide a section labeled "INTENT" describing the behaviors (outcomes, etc.) we should produce.
</p>
</div>
</li>
<li><a id="org6ad643e"></a>Policy Scope<br />
<div class="outline-text-6" id="text-1-1-5-2-4">
<p>
Each policy must provide a "SCOPE" section. This section must make the specific scope of the policy clear in terms of the people and actions required, and may provide examples to suggest a general understanding to guide behavior described as intended (i.e. per INTENT).
</p>
</div>
</li>
<li><a id="orgc91f4ff"></a>Policy Statement<br />
<div class="outline-text-6" id="text-1-1-5-2-5">
<p>
Each policy may provide an "Additional Terms and Conditions" section to specify (additional) binding language related to the policy or otherwise to influence the stated INTENTS, clarify Definitions, and for other similar purpose.
</p>
</div>
</li>
<li><a id="orge1dcc3c"></a>Policy Effectiveness<br />
<div class="outline-text-6" id="text-1-1-5-2-6">
<p>
Each policy may include a section labeled "Measures". This section should cross-reference to some or all related information elsewhere in Our Policy, or elsewhere in our internal information and documentation that can help us to measure the efficacy of related aspects of our project.
</p>
<p>
Automated data collection methods (or links to operational/analytic systems) should be used; however, manually added/calculated data-points should not.
</p>
</div>
</li>
<li><a id="org3ba2754"></a>Policy Disclosures<br />
<div class="outline-text-6" id="text-1-1-5-2-7">
<p>
Each policy may provide a "Risks and Disclosures" section, presentation of which may vary, for example depending on the requirements of different versions (extracts) of Our Policy we may create.
</p>
</div>
</li>
<li><a id="orgcaf8b66"></a>Policy State<br />
<div class="outline-text-6" id="text-1-1-5-2-8">
<p>
Policy state helps indicate the progress of our work as we maintain Our Policy. ("State", "States")
</p>
<p>
State is indicated by meta-data at the top of the policy.
</p>
<pre class="example" id="orgd65004d">
#+ORG_POLICY: PLY
* SUMMARY
...
</pre>
<p>
Policies, as we are creating and updating them, may be in one or several States:
</p>
</div>
<ol class="org-ol">
<li><a id="org47502ad"></a>Proposed article changes ("PAC")<br />
<div class="outline-text-8" id="text-1-1-5-2-8-0-1">
<p>
These may affect several policies and procedures, including by proposing changes which would include instructions to amend our articles if approved. The changes become effective when the process due for such a change, according to our present rules per our articles, has been completed.
</p>
</div>
</li>
<li><a id="org4ff9191"></a>Planned aligned changes ("TFH")<br />
<div class="outline-text-8" id="text-1-1-5-2-8-0-2">
<p>
These changes may propose changes to several policies and represent the consensus of alignment within the FH team, later defined, as our Executive Leadership Council. They do not change our articles unless they are duly cataloged as PAC and until the process described for PAC has been completed.
</p>
</div>
</li>
<li><a id="org67a179b"></a>In-force policy ("PLY")<br /></li>
<li><a id="org8e6f95f"></a>Prior and Proposed ("PRP")<br />
<div class="outline-text-8" id="text-1-1-5-2-8-0-4">
<p>
Prior and Proposed policies should begin with a single sentence describing their status in terms of the PRP state. We will take this sentence as the content for the summary section of PRP policies.
</p>
<p>
Prior policies should generally start with "Prior Policy to" (or for), etc.
</p>
<p>
When considering each PRP policy, we review the <a href="#orgc6cc2f9">1.1.4.4.1</a> for exact text matches within other files/folders. When we find one or more exact matches, the given PRP policy must be included when we extract and cross-reference other versions of Our Policy.
</p>
</div>
</li>
</ol>
</li>
<li><a id="org3e6d8f9"></a>Policy Approval<br />
<div class="outline-text-6" id="text-1-1-5-2-9">
<p>
Policy State can connote the "approved" nature of Policy as we work to maintain it.
</p>
<ul class="org-ul">
<li>PLY - this is our operating policy</li>
<li>TFH - the team has aligned to this change but it is a "work in progress"</li>
<li>PAC - the team has aligned to this change but it will take some time</li>
<li>PRP - <b>not</b> an approved policy</li>
</ul>
</div>
</li>
</ol>
</li>
<li><a id="org7ecf2a9"></a>The PROCEDURES section<br />
<div class="outline-text-5" id="text-1-1-5-3">
<p>
Following the POLICY section is the PROCEDURE section. Top-level divisions (main sub-sections) each provide a specific procedure.
</p>
<p>
Because they are intended to define the detailed steps to accomplish a given (often technical) task, these may use technology specific terminology and otherwise hard to understand language.
</p>
<p>
To help simplify the task of understanding the detailed steps we follow to complete a task, each should start with a sub-section titled "SUMMARY" which starts with a general description of the procedure in "plain English". Each procedure SUMMARY sub-section is then followed by nested sub-sections (still within the SUMMARY sub-section) to help describe the purpose of the procedure (INTENT), the high-level or generalized approach taken (APPROACH), and descriptions of or references to prerequisite techniques and/or tools we should be comfortable with before starting the procedure (BACKGROUND).
</p>
<p>
All of these or any of these may be written directly into a file named for the procedure's section title in <a href="#orgd601c72">the README file</a>, or in a folder related to a given procedure created either within a PROCEDURES folder in the <a href="#orgc6cc2f9">1.1.4.4.1</a> route, or within the top level folder of the repository, and/or otherwise as means and description of which (along with suitable MEASURES and CONTROLS) may be stated in the remainder of Our Policies.
</p>
<p>
Only the top section of each procedure SUMMARY sub-section is extracted and replicated into the SUMMARY consolidated in <a href="#orgd601c72">1.1.6</a>. In some cases the SUMMARY may be excluded; for example, Aspirational procedures, especially those not aligned with/to PLY and/or TLF/PAC+ALIGNED, may be excluded at the discretion of the Chief Operating Officer, or another delegate as may be stated in Our Policies, and duly cross-referenced in the Summary sections, following.
</p>
<p>
Each Procedure must specify one or several INTENTS, each of which must support at least one measure, associated to a Risk or CONTROL as documented within the procedure, or as may be elsewhere documented and duly cross-referenced in Our Policies.
</p>
<p>
To compose the extracted versions of Our Policy, we must consider the status ("STATUS") of each procedure mentioned within any file in the Repository.
</p>
<p>
STATUS indicates when we may (or must) use a procedure, including (in the case of CON, contingency procedures) when we must have additional alignment within (and documentation from) members of our team before we follow/use a procedure.
</p>
<p>
Each procedure (or version of, or constituent to a procedure) must have a STATUS, one of:
</p>
</div>
<ol class="org-ol">
<li><a id="org969c5e5"></a>Preferred ("PRE"), indicating we must use the procedure where possible/practicable.<br /></li>
<li><a id="org00b02e1"></a>Aspirational ("ASP"), indicating we may (or may not) follow/use the procedure<br /></li>
<li><a id="orgdd403cb"></a>Discouraged ("DIS"), indicating we may (but prefer not to) follow/use the procedure<br /></li>
<li><a id="org67a9d30"></a>Contingency ("CON"), indicating we may follow/use the procedure only as an Exception<br /></li>
</ol>
</li>
</ol>
</div>
<div id="outline-container-orgd601c72" class="outline-4">
<h4 id="orgd601c72"><span class="section-number-4">1.1.6.</span> The README file</h4>
<div class="outline-text-4" id="text-1-1-6">
<p>
We also provide a README file, which consolidates all of the sections
and constituent documents (shown as sub-sections) to a single file.
</p>
<p>
The README file is available in a variety of formats including:
</p>
<ul class="org-ul">
<li>Markdown</li>
<li>HTML</li>
<li>PDF</li>
<li>Plain (unicode) text, and</li>
<li>Org</li>
</ul>
</div>
</div>
<div id="outline-container-org9b9ba6b" class="outline-4">
<h4 id="org9b9ba6b"><span class="section-number-4">1.1.7.</span> Conflicts</h4>
<div class="outline-text-4" id="text-1-1-7">
<p>
For troubles of any kind with our services or project or, especially, in case you spot any conflicts (cases where one part of the document appears to conflict with another), please let us know using (at your preference) GitHub issues or our web/email support tools.
</p>
<p>
In all cases of conflicts between parts of our policy, preference shall be in the following order:
</p>
<ul class="org-ul">
<li>our articles filed with the UK government, or</li>
<li>the most recently in-force and related POLICY, or</li>
<li>the most recently related and Preferred or Aspirational (<code>PRE|ASP</code>) PROCEDURE, or (finally)</li>
<li>as most recently described below in this SUMMARY section</li>
</ul>
</div>
</div>
<div id="outline-container-orgd23597a" class="outline-4">
<h4 id="orgd23597a"><span class="section-number-4">1.1.8.</span> More About Us</h4>
<div class="outline-text-4" id="text-1-1-8">
<p>
Our team is entirely volunteers who donate their labor. We partner
with other organizations who provide us with servers, rack-space,
bandwidth, etc. We use these resources for tenants (the projects we
host) who gain access to infrastructural technology services, for
example virtual private servers (VPS).
</p>
<p>
We usually share publicly any information we share at all.
</p>
<p>
We don't provide remuneration "in-kind" or other compensation to
anyone, with a few exceptions:
</p>
</div>
<ol class="org-ol">
<li><a id="org87d1f10"></a>Volunteer self-hosting<br />
<div class="outline-text-5" id="text-1-1-8-1">
<p>
Volunteers are generally able to host their own projects with
us. This enables our volunteers to bypass the normal applications
process. Such projects must otherwise meet our eligibility criteria.
</p>
</div>
</li>
<li><a id="orgc8a08eb"></a>Receipts and Letters of Recommendation<br />
<div class="outline-text-5" id="text-1-1-8-2">
<p>
We may provide documentary evidence supporting volunteering and/or
other donations. We do so at our sole option and, unless otherwise
stated in writing (for example, within a formal, written contract),
we may choose not to do so for any reason or without giving a reason.
</p>
</div>
</li>
<li><a id="orga86465b"></a>Promotional Support<br />
<div class="outline-text-5" id="text-1-1-8-3">
<p>
We make every effort to support our sponsors. This includes listing on our sponsors page, mentions on our blogs and social media presence, and in other ways intended to promote the sponsoring organization.
</p>
<p>
Aside from this type of "promotional support", we do not provide any special treatment or service to our sponsors. For example, FOSS projects "backed" (also sponsored) by an organization that sponsors Fosshost are <b>not</b> given preferential treatment when reviewing applications for hosting, nor do we prioritize "feature" requests based on their originating from organizations that may sponsor us.
</p>
</div>
</li>
</ol>
</div>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="author">Author: Corwin Brust</p>
<p class="date">Created: 2021-11-14 Sun 03:38</p>
</div>
</body>
</html>