(disclaimer, I have never done any threat model analysis)
Questions about doing things "securely" within and around YunoHost often come up in the forum and chat rooms.
We even advertise YunoHost as aiming to "democratize self-hosting, while making sure it stays reliable, secure, ethical and lightweight" (emphasis mine).
I think it would be nice to have a FAQ entry or a dedicated page about what is "security", and how users should really think in terms of threat model, and how YunoHost defines and handles it, and how users should define and handle their own. The format could be in the likes of what we already do about DNS and certificates.
From the top of my mind we should clarify how data and processes are "secured" in the scope of:
YunoHost vs Debian
YunoHost vs its own apps (systemd sandboxing, chmod/chown, ..., and how it might vary depending on how apps are packaged*)
Apps vs apps (systemd sandboxing, chmod/chown, ..., and how it might vary depending on how apps are packaged*)
Admin vs users (admins have access on all data - unencrypted or whose encryption keys are stored in the server)
Users vs users vs the world (certificates, ...)
Hardware (e.g. YunoHost is only software, it does not protect from physically accessing the server. it may be trivial, but it's a good way to tone down users demanding absolute "security")
*these could actually be also quoted in the packaging tutorials.
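As an added illustration of the "YunoHost vs its own apps" and "apps vs apps" items above (this is example code written for this page, not part of YunoHost or its packaging tooling), the shell function below inspects a systemd unit's `[Service]` section for the sandboxing directives that keep an app's process away from the system and from other apps' data. The two unit texts are constructed for the example; the directive names (`User`, `NoNewPrivileges`, `PrivateTmp`, `ProtectSystem`, `ProtectHome`, `ReadWritePaths`) are real systemd service options, and what counts as "enough" sandboxing is this example's own assumption, not a YunoHost rule.

```shell
#!/bin/sh
# Added example, not YunoHost code: report which sandboxing directives a
# systemd unit is missing. Unit texts below are constructed for illustration.

# An app unit with no sandboxing: runs as a dedicated user, but can still read
# the whole filesystem, including other apps' directories, and /tmp is shared.
UNIT_WEAK='[Service]
User=app1
ExecStart=/usr/bin/app1'

# The same unit with sandboxing. ProtectSystem=strict makes the filesystem
# read-only, so the app's own data directory must be listed in ReadWritePaths.
UNIT_HARDENED='[Service]
User=app1
ExecStart=/usr/bin/app1
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/www/app1'

# Directives this example expects (assumption: a reasonable baseline, not a
# YunoHost policy). Value checks: User must not be root, the others must be set.
SANDBOX_KEYS="User NoNewPrivileges PrivateTmp ProtectSystem ProtectHome"

# Print the space-separated list of missing directives; empty output means all
# expected directives are present.
missing_sandboxing() {
    unit="$1"
    missing=""
    for key in $SANDBOX_KEYS; do
        value=$(printf '%s\n' "$unit" | sed -n "s/^$key=//p" | head -n 1)
        case "$key:$value" in
            "User:" | "User:root") missing="$missing $key" ;;   # unset or root
            "User:"*) ;;                                        # non-root user
            *:"") missing="$missing $key" ;;                    # directive absent
        esac
    done
    printf '%s' "${missing# }"
}

# Convenience wrapper: 0 when the unit has every expected directive, 1 otherwise.
is_sandboxed() {
    [ -z "$(missing_sandboxing "$1")" ]
}

# Stand-alone run: show the result for both constructed units.
for name in UNIT_WEAK UNIT_HARDENED; do
    eval "unit=\$$name"
    if is_sandboxed "$unit"; then
        echo "$name: sandboxed"
    else
        echo "$name: missing $(missing_sandboxing "$unit")"
    fi
done
```

On a real server the same question can be asked of an installed unit with `systemd-analyze security <unit>`, which scores the directives systemd itself knows about; the function above is only a readable illustration of what that check looks at. Note that systemd sandboxing limits what the app's process can reach, while the `chmod`/`chown` ownership of each app's directory decides what other users on the same host can read, so both are needed for the "apps vs apps" boundary.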