The policies below document major architectural decisions taken in the history of the team.

Those decisions were previously defined in a process called "TPA-RFCs" defined in TPA-RFC-1: policy but they are now managed using a lighter, standard ADR (Architecture Decision Record) process defined in ADR-101.

To add a new policy, create the page using the template and add it to the above list. See the Writing a ADR section if you're wondering how to write a policy document or if you should.

Draft

• TPA-RFC-3: tools
• TPA-RFC-11: SVN retirement
• TPA-RFC-17: Disaster recovery
• TPA-RFC-37: Lektor replacement
• TPA-RFC-38: Setting Up a Wiki Service
• TPA-RFC-45: Mail architecture
• TPA-RFC-47: Email account retirement
• TPA-RFC-86: Identity and Access Management
• TPA-RFC-88: DNS Registrars
• TPA-RFC-96: Migrating from MinIO to GarageHQ

Proposed

• TPA-RFC-94: Security liaison role rotation

Approved

• TPA-RFC-2: Support
• TPA-RFC-5: GitLab migration
• TPA-RFC-6: Naming Convention
• TPA-RFC-7: root access
• TPA-RFC-8: GitLab CI libvirt exception
• TPA-RFC-14: GitLab artifacts expiry
• TPA-RFC-18: Security policy
• TPA-RFC-19: GitLab labels
• TPA-RFC-22: rename TPA IRC channel and Matrix bridge
• TPA-RFC-24: Extend merge permissions for web projects
• TPA-RFC-30: Changing how lego plugins are used
• TPA-RFC-32: Nextcloud root-level shared folders migration
• TPA-RFC-33: Monitoring
• TPA-RFC-39: Nextcloud account policy
• TPA-RFC-44: Email emergency recovery, phase A
• TPA-RFC-46: GitLab 2FA
• TPA-RFC-48: Enable new GitLab Web IDE
• TPA-RFC-50: private GitLab pages
• TPA-RFC-51: Improve l10n review ci workflow
• TPA-RFC-55: Swap file policy
• TPA-RFC-56: large file storage
• TPA-RFC-58: Podman CI runner deployment, help needed
• TPA-RFC-59: ssh jump host aliases
• TPA-RFC-60: GitLab 2-factor authentication enforcement
• TPA-RFC-62: TPA password manager
• TPA-RFC-63: Storage server budget
• TPA-RFC-64: Puppet TLS certificates
• TPA-RFC-65: PostgreSQL backups
• TPA-RFC-66: Migrate to Gitlab Ultimate Edition
• TPA-RFC-68: Idle canary servers
• TPA-RFC-70: Move Tails sysadmin issues
• TPA-RFC-71: Emergency email deployments, phase B
• TPA-RFC-73: Tails infra merge roadmap
• TPA-RFC-74: GitLab CI retention policy
• TPA-RFC-76: Puppet Merge request workflow
• TPA-RFC-77: Puppet merge
• TPA-RFC-79: General merge request workflows
• TPA-RFC-80: Debian trixie upgrade schedule
• TPA-RFC-81: Gitlab Access
• TPA-RFC-82: Merge Tails and Tor support policies
• TPA-RFC-83: Mail log retention
• TPA-RFC-84: MinIO backups and scaling
• TPA-RFC-85: invite-only internal IRC channels
• TPA-RFC-87: Container image lifecycle
• TPA-RFC-89: GitLab encrypted confidential notifications
• TPA-RFC-90: Enforcing signed commits for Puppet
• TPA-RFC-91: Incident response
• TPA-RFC-92: Emergency BBB hosting provider change
• ADR-0100: Replace the TPA-RFC template with ADR Nygard
• ADR-0101: Adopt the ADR process in replacement of TPA-RFCs
• ADR-0102: ADR communications

Rejected

• TPA-RFC-16: Replacing lektor-i18n-plugin (put on hold while we consider the Lektor replacement in TPA-RFC-37)
• TPA-RFC-25: BTCpay replacement
• TPA-RFC-29: Lektor SCSS Plugin
• TPA-RFC-41: Schleuder retirement (kept for the community council)
• TPA-RFC-69: switch to HTTP basic auth on CiviCRM server (in favor of TPA-RFC-86)

Obsolete

• TPA-RFC-4: Prometheus disk space change (one-time change)
• TPA-RFC-9: "proposed" status and small process changes (merged in TPA-RFC-1)
• TPA-RFC-10: Jenkins retirement (one-time change)
• TPA-RFC-12: triage and office hours (merged in TPA-RFC-2)
• TPA-RFC-13: Use OKRs for the 2022 roadmap (2022 past, OKRs not used in 2023)
• TPA-RFC-20: bullseye upgrade schedule (one-time change)
• TPA-RFC-21: uninstall SVN (one-time change)
• TPA-RFC-23: retire ipv6only.torproject.net (one-time change)
• TPA-RFC-26: LimeSurvey upgrade (one-time change)
• TPA-RFC-27: Python 2 end of life (one-time change)
• TPA-RFC-28: Alphabetical triage star of the week (merged in TPA-RFC-2)
• TPA-RFC-34: End of office hours (merged in TPA-RFC-2)
• TPA-RFC-35: GitLab email address changes (one-time change)
• TPA-RFC-36: Gitolite, GitWeb retirement (one-time change)
• TPA-RFC-42: 2023 roadmap (recurring proposal)
• TPA-RFC-43: Cymru migration plan (one-time change)
• TPA-RFC-49: document the ganeti naming convention (modified TPA-RFC-6)
• TPA-RFC-52: Cymru migration timeline (one-time change)
• TPA-RFC-53: Security keys give away (one-time change)
• TPA-RFC-54: build boxes retirement (one-time change)
• TPA-RFC-57: Debian bookworm upgrade schedule
• TPA-RFC-61: 2024 roadmap (recurring proposal)
• TPA-RFC-67: Retire mini-nag (one-time change)
• TPA-RFC-72: Migrate donate-01 to gnt-dal cluster (one-time change)
• TPA-RFC-75: new office hours (merged in TPA-RFC-2)
• TPA-RFC-78: Dangerzone retirement (one-time change)
• TPA-RFC-93: Gitaly migration (one-time change)
• TPA-RFC-95: Retire the tor-team mailing list (one-time change)

Superseded

• TPA-RFC-1: RFC process (replaced with ADR-0100: template, ADR-0101: process, and ADR-0102: communications)
• TPA-RFC-15: Email services (replaced with TPA-RFC-31)
• TPA-RFC-31: outsource email services (in favor of TPA-RFC-44 and following)
• TPA-RFC-40: Cymru migration budget (replaced by TPA-RFC-43)