Files
wdmUI/decisions/0011-comunicacion-y-transparencia.md

51 lines
3.7 KiB
Markdown

# ADR-0011 · Communication & transparency
**Status**: accepted
**Date**: 2026-05
## Context
Blocao Labs is starting a content engine around the project (a wiki → WordPress publisher) and adopting a build-in-public posture. The immediate commercial goal is to **sell the products** (Sovereign Phone, the Blocao platform), **not to raise investment**. In a market whose value proposition is sovereignty, trust is the product: open source, auditable schemes, and honest documentation are themselves the strongest sales argument.
Two product lines have opposite appetites for transparency:
- The **Sovereign Phone**, the UI design language, and the sovereignty philosophy benefit from maximum openness — auditability is a feature.
- The **forensics platform** serves security-sensitive customers; `wdmUI` is marked internal. Publishing fine-grained architecture of a hardened OS or of forensics internals hands a map to attackers and competitors.
"Build in public" therefore cannot mean "build *everything* in public".
## Decision
Adopt **build-in-public with layered transparency**. Every artifact is classified into one of three tiers:
- **Public-first**: Sovereign Phone, design language / tokens, the *why* of decisions (ADRs are narrative gold), cookbooks, open-source components.
- **Private-by-default**: the forensics platform — only its vision / philosophy layer is public; technical internals are not.
- **Never public**: customer identity, hardening details that materially aid an attacker, keys / secrets, pricing and sales specifics.
Operating rules:
1. **Editorial bar**: the only test for publishing is *"does this help a buyer trust and a technician audit?"* — not investor optics.
2. **Licenses & attribution**: every published piece declares the licenses and attributions of everything it uses. Non-negotiable; it is both ethics and brand.
3. **RF / regulatory rule**: every cookbook touching radio spectrum states its **regulatory framework at the very top**. We document only the legal path (shielded / lab dev, shared or licensed spectrum, coordinated and authorized emergency use). We explicitly do **not** publish clandestine-network or interception recipes — that is the opposite of the brand.
4. **Resilience framing**: recipes target real-world degraded conditions (off-grid, ad-hoc) and are explicit about which comms family they belong to (unlicensed ISM / LoRa / WiFi HaLow vs spectrum-sensitive LTE / SDR).
5. **Pipeline & gate**: the wiki is the source of truth; a public / private **tag** on each page is the editorial firewall; the publisher only touches pages tagged public, always **draft-first** into WordPress for human review. One cookbook = one post.
## Consequences
**Good**:
- Transparency reinforces the core sale (sovereignty) instead of leaking the things that would undermine it.
- A single, simple rule (the tag) keeps confidential material out of the public pipeline.
- License / attribution discipline pre-empts the credibility attacks that routinely hit privacy products.
- No investor narrative to maintain means less spin, more signal.
**Bad / trade-offs**:
- Classifying every artifact adds friction to publishing.
- The public / private boundary needs periodic review as the products evolve.
- Building in public invites scrutiny; claims must hold up, which raises the documentation bar.
## Alternatives considered
- **Full build-in-public (everything open)**: maximal trust signal, but unacceptable for the forensics platform and its customers.
- **Fully closed / marketing-only blog**: safe, but forfeits the trust advantage that is the entire point of a sovereignty brand.
- **A separate public-only repo for all public content**: cleaner confidentiality boundary, but fragments the source of truth; revisit if the tag-gate proves insufficient.