diff options
-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | billing-faq.md | 28 | ||||
-rw-r--r-- | builds.sr.ht/index.md | 4 | ||||
-rw-r--r-- | hg.sr.ht/email.md | 3 | ||||
-rw-r--r-- | privacy.md | 10 | ||||
-rw-r--r-- | staff/support.md | 81 | ||||
-rw-r--r-- | terms.md | 9 |
7 files changed, 95 insertions, 53 deletions
@@ -16,15 +16,18 @@ To install SourceHut on your own hardware, see ## Getting help -Support is available via the -[sr.ht-discuss](https://lists.sr.ht/~sircmpwn/sr.ht-discuss) mailing list, on -IRC at #sr.ht on irc.libera.chat or by emailing the admin (sir@cmpwn.com) -directly — the latter is usually best for account or billing issues. +Support is available via the [sr.ht-discuss] mailing list, on IRC at #sr.ht on +irc.libera.chat or by emailing support ([sr.ht-support]) directly — the +latter is usually best for account or billing issues. ## Contributing to SourceHut We welcome third-party patches. If you have any changes you'd like to make to SourceHut, please send a patch to the -[sr.ht-dev](https://lists.sr.ht/~sircmpwn/sr.ht-dev) mailing list. Feel free to +[sr.ht-dev] mailing list. Feel free to start discussions about development here as well, if your change requires some thought before writing the code. + +[sr.ht-dev]: https://lists.sr.ht/~sircmpwn/sr.ht-dev +[sr.ht-discuss]: https://lists.sr.ht/~sircmpwn/sr.ht-discuss +[sr.ht-support]: mailto:~sircmpwn/sr.ht-support@lists.sr.ht diff --git a/billing-faq.md b/billing-faq.md index 18bb64d..f410e34 100644 --- a/billing-faq.md +++ b/billing-faq.md @@ -2,10 +2,11 @@ title: Billing FAQ --- +[sr.ht-support]: mailto:~sircmpwn/sr.ht-support@lists.sr.ht + Sourcehut is a business, but it's also an open source project, made by people, -and made for people. The maintainer is Drew DeVault, and you can reach him for -any reason via [sir@cmpwn.com](mailto:sir@cmpwn.com). If you have any questions -or concerns about billing on sourcehut, get in touch. +and made for people. If you have any questions or concerns about billing on +sourcehut, get in touch with us via the [sr.ht-support] mailing list. # Who has to pay for an account? @@ -33,17 +34,10 @@ SourceHut does not price any users out of the service. If the minimum fees are too high for your financial needs, or some other circumstances prevent you from paying, then you can simply [send us an -email](mailto:sir@cmpwn.com) explaining your situation, and you will be issued -free service. sr.ht users from many walks of life have been granted free -service: students, users with problems using their currency of choice, people -between jobs, and so on. - -Users can also earn free service credits by contributing to sr.ht. SourceHut is -a free and open source project itself, and each non-trivial patch you land in -sr.ht earns you one month of free service. [Email us](mailto:sir@cmpwn.com) to -redeem your free service credits. - -[Read more about contributing to sr.ht here](/installation.md). +email][sr.ht-support] explaining your situation, and you will be issued free +service. sr.ht users from many walks of life have been granted free service: +students, users with problems using their currency of choice, people between +jobs, and so on. # Which payment methods do you accept? @@ -55,8 +49,8 @@ We currently do not accept any other payment methods, including cash, cryptocurrency, bank wire, PayPal, etc. If other circumstances prevent you from paying, [send us an -email](mailto:sir@cmpwn.com) explaining your situation and we will try to work -out a solution. +email][sr.ht-support] explaining your situation and we will try to work out a +solution. # What are the differences between each plan? @@ -130,7 +124,7 @@ the beta. In the meanwhile, utilize any workaround you wish: nominate one of your members to host your resources on their account, or set up a dedicated pseudo-account for the organization, or any other approach that suits your needs. We will help you migrate to user groups once the feature is available. -[Shoot us an email](mailto:sir@cmpwn.com) to let us know about your workaround +[Shoot us an email][sr.ht-support] to let us know about your workaround and we'll make a note on your account. Billing considerations for organizations will be available when the beta begins, diff --git a/builds.sr.ht/index.md b/builds.sr.ht/index.md index 0d71a2b..7a890d3 100644 --- a/builds.sr.ht/index.md +++ b/builds.sr.ht/index.md @@ -2,6 +2,8 @@ title: builds.sr.ht docs --- +[sr.ht-support]: mailto:~sircmpwn/sr.ht-support@lists.sr.ht + [builds.sr.ht](https://builds.sr.ht) is a service on sr.ht that allows you to submit "build manifests" for us to work on. We spin up a virtual machine per your specifications and run your scripts in it. This is generally used to @@ -126,7 +128,7 @@ generate new secrets from scratch. All build logs are public, and to encourage users to roll over secrets which are compromised, our policy is to refuse to redact secrets leaked in this manner. If you require some time to fully address the consequences of a secret leak, we may redact them for up to one week — -[email support](mailto:sir@cmpwn.com) if you require this. +[email support][sr.ht-support] if you require this. ## Build environment diff --git a/hg.sr.ht/email.md b/hg.sr.ht/email.md index 8835fa9..d839e63 100644 --- a/hg.sr.ht/email.md +++ b/hg.sr.ht/email.md @@ -27,9 +27,6 @@ out, check out the [sr.ht-dev][sr.ht-dev] mailing list. [sr.ht-dev]: https://lists.sr.ht/~sircmpwn/sr.ht-dev -Unsure if your setup is correct? Try sending the patch to sir@cmpwn.com for -feedback first — make sure you mention in the email that you want feedback. - # For contributors ## Preparing your changes @@ -10,8 +10,9 @@ title: Privacy policy # These changes are batched to reduce the noise upon notifying users. --- -If you have any questions, please reach out to Drew DeVault <sir@cmpwn.com> via -email. +[sr.ht-support]: mailto:~sircmpwn/sr.ht-support@lists.sr.ht + +If you have any questions, please reach out to [sr.ht-support] via email. # What we collect and why @@ -117,10 +118,13 @@ happens. ## How to access and control the information we've collected -You may submit a request via email to Drew DeVault <sir@cmpwn.com> to request an +You may submit a request via email to [support][sr.ht-support] to request an archive of the information we've collected about you, or to request that we remove any information we've collected about you. +You may also reach out to our data protection officer directly: Drew DeVault +<sir@cmpwn.com>. + ## Changes to this document We may make changes to this document with no less than 2 weeks notice. Notice of diff --git a/staff/support.md b/staff/support.md index c85eead..8266916 100644 --- a/staff/support.md +++ b/staff/support.md @@ -4,11 +4,46 @@ title: Support procedures How to handle various common support issues. +## General support procedure + +Support emails come in to the [sr.ht-support] mailing list, which you should +have read/write access to. When you intend to field a support request, mention +the email in the sr.ht-staff IRC channel to avoid conflicts with other staff who +might be looking at it. + +[sr.ht-support]: https://lists.sr.ht/~sircmpwn/sr.ht-support + +### Identity verification + +User identities need to be verified, and accounts with two factor authentication +must be verified with two factors, before any disclosure of account information +via email or any modifications to their account. + +Preferred factors include: + +- DKIM signatures on the email +- PGP signatures on the email +- SSH key challenges (see [sshign](https://git.sr.ht/~minus/sshign)) +- DNS challenges on their mail server address or the domain in their profile + (e.g. "please add this random string to a DNS TXT record to verify your + identity") +- Web challenges on the domain in their profile (e.g. "please add this random + string to /sourcehut.txt to verify your identity) + +The last four digits of the credit card on file is sufficient to prove the +user's identity **only** for the purpose of billing-related support matters, +such as cancelling or refunding their payment or transferring billing +information to a new account. + +If the user is unable to verify their identity, refuse their support inquiry. + ## Account deletion -Ask the user if they're willing to wait until self-service account deletion is -available. If not, delete their data manually from the database and other data -stores (e.g. git). +Users can perform self-service account deletion by logging into their account +and running the delete process on meta.sr.ht. This is preferred to admin +intervention since it does not require us to separately verify the user's +identity. However, admins can also manually delete accounts via the user +dashboard. ## Account renames @@ -19,27 +54,27 @@ to the new account. ## Need 2FA disabled to reset account password -We need to establish their identity via two factors of authentication before we -can proceed with this. The first factor is usually the email address they -reached out to us with: it must match the address on file for their account. - -If they have SSH or PGP keys, we can ask them to provide a cryptographically -signed challenge proving their identity and authenticating their request. If -they have a website, we can ask them to add a DNS TXT record with a randomly -generated value to verify their identity. +This is a common support request, and it is important to re-enforce when +handling this request that the user needs to use two factors to prove their +identity even when requesting to have 2FA disabled; they may use alternative +approaches like PGP, SSH, DNS, etc, as described in "Identity verification" +above but need to provide two factors of some kind nevertheless. -Without these options, they have no recourse but to register for a new account. -We can transfer billing information to the new account, or cancel their current -payment plan, without two-factor authentication. +Without a verified identity, they have no recourse but to register for a new +account. Their inaccessible account cannot be deleted. ## Cannot pay for service Generally this ends with offering the user one year of free service and asking them to email us again when it runs out if their situation has not changed. +We generally trust our users, and don't ask them to substantiate financial aid +requests further than a declaration of need. For instance, there is no need to +ask for a student ID to grant service on the basis of a user's student status. + Common reasons to grant free service: -- Insufficient income (e.g. students) +- Insufficient income (e.g. students, between jobs, etc) - Unable to pay using their preferred payment method - Political problems (e.g. Russian sanctions) @@ -47,11 +82,17 @@ Common reasons to reject requests for free service: - They want free service because their FOSS project is FOSS -## Transfer billing information to new account +If in doubt, offer them free service. The user dashboard has a place to generate +invoices, set the source to "Financial aid", the amount to 0, and the term to 1 +year (the default). They can re-apply after it runs out. -Verify both accounts, using two factors if necessary, then use the meta.sr.ht -admin UI to transfer the billing info over. +### Refunds + +Generally speaking if a user asks for a refund relatively close to their payment +date (say, within one quarter), give them one and cancel their paid services by +updating their account type to non-paying. -## TODO +## Transfer billing information to new account -- Support mailing list which multiple staff have access to? +Verify both accounts, using two factors if necessary, then use the meta.sr.ht +user admin UI to transfer the billing info over. @@ -4,8 +4,9 @@ title: Terms of Service These are the terms of service for sr.ht; please read them before using sr.ht. -If you have any questions, please reach out to Drew DeVault <sir@cmpwn.com> via -email. +If you have any questions, please reach out to [sr.ht-support] via email. + +[sr.ht-support]: mailto:~sircmpwn/sr.ht-support@lists.sr.ht ## tl;dr @@ -103,8 +104,8 @@ these rights, and it is your responsibility to check.* recommendations here](https://man.sr.ht/license.md).* You may request an archive of all of your content on the service by writing an -email to Drew DeVault <sir@cmpwn.com> and allowing up to 2 weeks for an archive -to be prepared. +email to [sr.ht-support] and allowing up to 2 weeks for an archive to be +prepared. ## Service availability |