Friday, July 4, 2008

Code of Conduct

Some may notice the new disclaimer posted to the wiki and blog. This disclaimer links to a Code of Conduct that has gone through the CDC clearance process to establish posting guidelines for CDC employees and contractors who contribute to the blog, wiki or sourceforge.

You can read the code of conduct for all the details, but basically it describes the rules as:

  • Members will act with integrity and adhere to the highest standards of personal and professional ethics. As collaborations tend to be self-correcting, active participation means both offering suggestions and accepting them with a focus on product improvement. Personal attacks, hidden destructive code or other forms of harassment or intimidation will not be tolerated. Collaboration is highly encouraged, and although this may not always be positive, it should always be respectful and
    constructive.

  • Only authorized committers are allowed to make changes to project related sites. Project leads determine authorized committers and assign permissions.

  • Any sites not hosted by CDC or CDC resources should use separate authorization so as not to compromise existing CDC authentication and authorization procedures. This means that committers should not use an ID/ user name or password currently in use
    as their CDC ID / user name or password.

  • No specific security related information should be shared. No information that would allow an unauthorized party to compromise CDC systems security shall be posted. This includes, but is not limited to: user names, user ids, passwords, IP addresses, private certificate information, specific system configuration.

  • No restricted or privileged information should be posted that is limited in distribution rights. For example, there are US export controls for encryption routines and algorithms that cannot be shared with specific countries.

  • No content in violation of US or international copyright shall be posted without explicit, written consent of the copyright holder.

  • All content in draft form must be clearly marked with the words “DRAFT” both within the content itself and in any specific sites referencing the content.

  • No personally identifiable health data shall be posted or stored on collaboration sites. This includes partially identifiable data containing fields such as age, race, sex, geolocation. Only sample, mock or test data shall be used.

  • No posting of source code or unpublished materials relating to CDC or NCPHI developed production systems and applications.

No comments: