Member-Developed Software Policy

From 7th Cavalry Wiki
Document Release Information
Article Number: 7CAV-R-033
Scope: Member-Developed Software
Version: Version 1.0
Effective Date: 08FEB25
Last Modified Date: 08FEB25
Approving Authority: Regimental Commanding Officer
Point of Contact: S6 1IC

Introduction

This document establishes the policy governing member-developed software for the 7th Cavalry Gaming Regiment ("the Cav"). It ensures that all software projects adhere to organizational standards, promote transparency, and prioritize the betterment of the Cav. Additionally, it ensures that all member-developed software used as part of the Cav's daily operations is properly controlled and managed to maintain security, compliance, and longevity.

Policy Requirements

  1. Purpose and Alignment
    • All software projects must directly serve the betterment of the Cav, enhancing its operations, member experience, or organizational goals.
    • Projects must align with 7Cav values, objectives, and standards.
    • All projects must be owned and operated by the Cav to ensure organizational control, security, and alignment with its operational goals.
  2. Open Source Requirement
    • All software developed for the Cav must be fully open source.
    • Repositories must utilize an appropriate open-source license, specifically MIT, GPLv3, or AGPLv3, as approved by S6.
    • Code and documentation must be clear and accessible to promote collaboration.
    • Proper attribution must be maintained for any third-party open-source libraries used, in compliance with their respective licenses.
  3. Repository Management
    • All member-developed software repositories must reside on the official 7Cav GitHub organization page.
    • Repositories may be forked or initially developed outside of the Cav GitHub organization, in alignment with GitHub best practices. However, all repositories must be transferred to the 7Cav organization prior to any testing outside of S6 or deployment to a production environment. Furthermore, all code used for production or testing must exactly match the code in the main GitHub repository to ensure consistency and security.
    • Access to repositories on the 7Cav GitHub is managed by S6 HQ and handled on a case-by-case basis. Access will be limited in scope to what is required for work on the project.
  4. Scope of Policy
    • This policy explicitly allows small projects that improve quality of life for individual trooper Areas of Operation (AOs).
    • However, if a tool implements a system that is mission critical and cannot be independently reproduced without the tool itself, then it will become covered by this policy. The final determination on this criterion will be subject to GenStaff discretion.
  5. Hosting Requirements
    • All software intended for Cav use must be hosted on Cav-owned hardware or services.
    • External hosting is prohibited unless explicitly authorized and approved in writing by General Staff (GenStaff).
  6. Testing and Approval Process
    • Software must undergo rigorous testing under the supervision of S6.
      • Testing should include functionality validation, load testing, and security assessments conducted by S6 personnel.
    • Testing environments must be set up using Cav-owned resources to ensure consistency and security.
    • Final deployment requires review and approval from S6 leadership.
  7. Access and Security
    • Privileged access to development and hosting environments is restricted to approved S6 personnel.
    • Default passwords on systems and applications must be changed using strong password practices.
    • Personal or privileged account credentials must not be shared without explicit approval from S6 HQ. Access must be regularly reviewed to ensure it adheres to the principle of least privilege.
  8. Compliance and Maintenance
    • All contributors must adhere to the guidelines set forth in this policy, as well as 7Cav General Orders and the S6 Department Guidelines.
    • Bugs can be reported by both internal and external users through various communication channels. All reported bugs must be documented and consolidated into issues within the relevant 7Cav GitHub repository for tracking and resolution.
    • Software maintainers should make reasonable efforts to provide timely updates, bug fixes, and security patches, recognizing the volunteer nature of the organization.
    • Abandoned or obsolete projects will be deprecated or archived following S6 review. This will be a judgment call made by S6 HQ and will be based on criteria such as the severity of bugs, security issues, and active use by Cav members.
  9. Prohibited Practices
    • Hosting, testing, or distributing software outside of Cav infrastructure without authorization.
    • Using Cav resources for personal or unauthorized purposes.
    • Assigning privileged access without S6 HQ approval.
    • Allowing unauthorized users to log into resources with privileged accounts.
    • Engaging in any activities that compromise the security, integrity, or objectives of the Cav.
    • Any activities that violate the S6 Acceptable Use Policy, or any other policy the Cav holds, or the General Orders.
  10. Intellectual Property
    • All software developed under this policy is the intellectual property of the 7th Cavalry Gaming Regiment.
    • Contributors must waive individual claims to intellectual property rights for projects created for the Cav.
    • Since all code is open source, it may be reused outside of the Cav, provided such reuse does not conflict with other policies outlined in this document, including those related to intellectual property, security, and organizational standards.
  11. Code Review Process
    • All member-developed code must undergo a formal review before being merged into the main branch or deployed to production.
    • Reviews will be conducted by designated S6 personnel or a qualified reviewer within the Cav to ensure:
      • Compliance with coding standards and best practices.
      • Absence of security vulnerabilities or potential exploits.
      • Alignment with organizational objectives and project requirements.
    • The code review process should follow these steps:
      • Submission of a pull request (PR) to the relevant repository.
      • Assignment of a reviewer by S6 HQ or the project maintainer.
      • Completion of the review, including comments and necessary changes.
      • Approval by the reviewer, indicating readiness for merge or deployment.
  12. Enforcement
    • Violations of this policy may result in disciplinary action and/or removal of unauthorized software from Cav systems. Disciplinary action may range from a Letter of Reprimand (LOR) to an Article 15 (ART15) proceeding, or even discharge, depending on the severity of the violation.
    • Violations will be determined by the judgment of S6 HQ and may be subject to further review by General Staff (GenStaff).

Appendix of Terms

Open Source License: A type of license for software that allows its source code to be used, modified, and distributed freely, typically under terms that ensure transparency and collaboration (e.g., MIT, GPL).

Principle of Least Privilege: A security practice that restricts access rights for users to the bare minimum permissions they need to perform their work.

Privileged Access: Elevated permissions or administrative rights to systems and applications, typically reserved for authorized personnel.

Abandoned Project: A software project that is no longer actively maintained, updated, or used by Cav members.