Knowledge Base

Credentials

This platform can be improved by free software developers and volunteers. You may use different types of credentials, depending on your access level. Bewase of phishing: nobody is authorized to request these credentials.

Resource Owner Tokens (ROT)

All sensitive actions that bypass the normal process of approval by the free software community require the ownership of a reusable Resource Owner Token (ROT). ROTs are long-lasting high-security digital credentials that by agreement must be stored outside the web browser in a secure storage, either on paper or in a dedicated password manager. Each token comes with a unique "Sectag" password and allows for the direct management of a certain set of indexed resources. ROTs have a limited number of uses and and then must be renewed manually by the administration.

What actions require a ROT?

ROTs are currently used for the direct editing of indexed resources. This is the case of software developers who needs the ability to bypass the normal process of approval because they need to do frequent edits or companies who own so many resources they can't wait for the approval process each time.

ROT owners have a dedicated control panel which gives privileged access to the resources they proved their ownership of.

How long does each ROT last?

Each homepage domain can be assigned to only one individual or company responsible, who gets one ROT. On request, ROTs can be split into multiple sub-tokens to guarantee maximum flexibility.

A whole ROT lasts for 250 edits.

How much does a ROT cost?

You can get them for free. There could be a small fee for identity validation.

Can I use the ROT non-interactively via API?

A public web API is currently under development.

What are the consequences of misusing a ROT?

Each time a ROT is used in violation of the regulation its duration is halved. ROTs are offered on community's trust so any individial or entity who abuses this trust won't get a replacement token.

How can I get a ROT?

This kind of tokens is assigned on request exclusively to individuals, groups or companies after identity validation and resource ownership validation.

  • You must be the owner of the homepage that currently represents the resource you'd like to administer directly;
  • ROTs usage is fully arbitrary as long as you do your best to respect the regulations;
  • you are free to share all ROTs in your possession with wohever you deem appropriate, but you'll be fully responsible for their usage;
  • you can ask to have your ROT splitted in 2 or more independant sub-tokens (eg. split 1 whole token in 2 tokens with 125 uses each);
  • when a ROT is depleted, you can ask for a replacement or ask for its permanent deletion and both actions are performend on a best-effor basis;
  • if you publish your ROT Sectag by mistake, the control panel has a special emergency option which allows for the instant depletion of a token without influencing the existing sub-tokens.

To receive a ROT you must send a request via email.

Resource Improvement Tokens (RIT)

Accessing the queue management sections requires having a Resource Improvements Token (RIT). RITs are long-lasting digital credentials composed by a standard username and password combination. RITs have an unlimited number of uses but expire when not used for a very long time.

What actions require a RIT?

RITs are used for the approval of visitor-provided suggestions and to cast a vote on any voting pool.

How long does each RIT last?

Each RIT lasts 12 months after being used for the last time. RITs have unlimited uses.

How much does a RIT cost?

You can get them for free.

Can I use the RIT non-interactively via API?

Unlike ROTs, RITs cannot be used to access the API.

What are the consequences of misusing a RIT?

RITs are simply suspended for a while (7 days to 1 month). In case of severe violations, however RITs can be suspended for up to 6 months.

How can I get a RIT?

Unlike ROTs, RITs cannot be issued by administrators, only by volunteers. You need to ask an existing volunteer, who will become your Mentor and gift you a new RIT. After using your RIT for the first time, you'll be considered a volunteer and part of the community.

Community access credentials

The forum credentials and the chat credentials follow the same rules of the RITs but are issued automatically, without prior identity verification nor the need for an invitation.

What actions require a community account?

  • Forum participation;
  • chatroom participation;
  • upvoting/downvoting resources, systems, ...;
  • opening a Platform Technical Support (PTS) ticket;
  • opening a Resource Improvement Request (RIR) ticket.

How much does a community account cost?

You can get them for free.

What are the consequences of misusing the community accounts?

Like with RITs, community credentials can be simply suspended for a while (1 day to 6 months). In case of severe violations, however the access rights of a community account can be reduced. Abusing the real-time chats may also have additional penalties which are administered by 3rd parties and go beyond this platform.

How can I get a community account?

You simply need to register and the whole process requires 5 minutes or less.

Can your recover my password?

No. Lost passwords cannot be recovered, only reset. The administration can replace your password on request, after identity verification (required for ROTs, RITs and community credentials). A new safe password is generated for you and you may choose to replace it later.

Unlike the other credentials, newly issued ROT Sectags cannot be chosen by the user nor by the administrators and must be generated by the system each time using military-grade algorithms.

Security advices

  • Always keep a copy of all your credentials in a safe place, ideally in a password manager or on paper.
  • The staff and the volunteers are not authorized to ask you passwords/Sectags, nor to send links to login pages or 3rd party services which "need" those.
  • If possible, never share your credentials.
  • If you think any of your accounts/tokens was compromised, please get immediately in touch with the administration.