Bootstrap discussion around security policies
Originally created by @CyrilBrulebois on #17656 (Redmine)
The security policies can be a little confusing at first (Infrastructure vs. several levels), and I’d personally be happy to have an easier way to figure out what is mandatory for a given role (e.g. release manager).
- Consider specific use cases, e.g. is it acceptable to allow remote access to privileged machines, and if so, with which technologies (SSH, OpenVPN, hidden services, etc.).
- The compliance reporting process has been broken for years.