$Id: policy.txt,v 1.5 1998/11/07 19:22:25 explorer Exp $

POLICY FOR USING A FLAME.ORG ACCOUNT
------------------------------------

To get a flame.org account (usually on kechara.flame.org) you must
agree to the following.

If I seem to be paranoid about security, remember that this is my
personal machine, and if it is wiped, I loose a lot of time putting
things back to normal again.

Security is only as good as the people who use it, and often less...
Please don't compromise flame.org's security by being lazy or not
taking it seriously.

----------------------------------------------------------------------

1.   I agree to use my account only in accordance with the flame.org
     acceptable use policy.

2.   I agree to keep my account secure, and not use any non-approved
     login or access methods.  All secure connections (ssh, kerberos)
     MUST be encrypted from end to end.  That is, from the machine you
     touch all the way to the flame.org machine.  Telnetting to one
     machine then sshing from there is not permitted.

     Approved methods include:

	a.  The Secure Shell (ssh, slogin, scp) suite of programs.
	b.  Kerberos 5 enabled telnet and FTP, using encryption and
	    kerberos 5 authentication.
	c.  Other methods which may be added later, or special methods
	    only for my account which may be arranged.

3.   I agreee to not share my account with others by giving out my
     password.  I will report any such misuse by myself or others to
     the flame.org admin, and will change my password if I believe my
     account has been compromised and notify the admin of flame.org
     about the compromise.

4.   All access to my account must involve a password.  This is either
     by entering a Kerberos 5 password on my local host, entering a
     password for my SSH key, or entering a password on the flame.org
     machine directly.  SSH access using MD5 without a password is NOT
     permitted.

5.   I understand that my account can be terminated at any time for any
     reason, with or without notice.

6.   When I no longer need or wish to have my account, I will notify
     the flame.org admin (admin@flame.org) to disable my account.

7.   I understand that any information stored on my account or provided
     below will be kept private to the best of the abilities of the
     flame.org admin.  In short, the information signed below will not
     be released or sold to others.  However, since no computer system
     is 100% secure, the information could accidently be released.


For accounts which are shared between more than one person:

8a.  All users of a shared account MUST have signed a policy document
     and been granted their own individual account.

9a.  If I am designated the owner of a shared account, I am responsible
     for all use and misuse of that account from those I allow to use
     it.

----------------------------------------------------------------------


ACCEPTABLE USE POLICY
---------------------

1.   A flame.org account cannot be used for commercial purposes, unless
     specially permitted by the flame.org admin.  This includes, but is
     not limited to:

	a.  Commercial software development
	b.  Commercial email lists
	c.  "spam" or other mass advertising of a commercial nature
	d.  Storage of commercial files, with the intent to distribute
            from a flame.org machine

2.   Piracy and other illegal activity is not permitted.  Some
     software on the flame.org machines may be of a commercial nature.
     Copying this for use on another machine is forbidden.

3.   Harassment of others on the net or on a flame.org machine is not
     permitted.  Harassment includes, but is not limited to:

	a.  Mass advertising using a mailing list, mailing alias, or
	    other means.  (This is commonly known as "spam")
	b.  "Mail bombing"
	c.  Denial of service attacks on other machines, or on a
	    flame.org machine.

4.   In general, email should be forwarded to other machines, as
     flame.org is not an ISP.  Mail can be received here, and mailing
     lists run, but overuse of these will bring a warning or account
     termination.

     Use common sense.  A 50,000 person list is quite unreasonable, but
     50 or even 500 is probably ok.

5.   Any security related issues (world or group writable files which
     you do not think should be, etc) should be reported to the
     flame.org admin.

6.   The web isn't all copyright free.  If something is placed on a
     flame.org account (web, page, ftp site, etc) that is in copyright
     violation, it must be removed upon request.

7.   Using a machine at flame.org as a source of or target of any sort
     of security attack or check (without the target's permission) is
     not permitted.  Randomly checking the security of any machine
     without the owner's awareness is a bad thing, and will be delt
     with as an attempted breakin.

8.   Follow the general rule of "do unto others as you would want them
     to do unto you" or whatever variation on that you wish.  In short,
     don't be rude, don't harass others, and don't cause problems for
     the flame.org admin.  Well, don't be TOO rude at least.  The
     domain IS called flame.org for a reason.