Define security policy for access that gives arbitrary code execution on the Tails infrastructure

We have no security policy defined for access to the Jenkins web UI and for sending branches to Jenkins. Do we need one? If yes, what shall it be?

Original created by @intrigeri on 15981 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information