How to handle various common support issues.

General support procedure

Support emails come in to the mailing list, which you should have read/write access to. When you intend to field a support request, mention the email in the IRC channel to avoid conflicts with other staff who might be looking at it.

Identity verification

User identities need to be verified, and accounts with two factor authentication must be verified with two factors, before any disclosure of account information via email or any modifications to their account.

Preferred factors include:

  • DKIM signatures on the email
  • PGP signatures on the email
  • SSH key challenges
    • To sign: ssh-keygen -Y sign -n file -f ~/.ssh/<key> message.txt
    • To verify: check that ssh-keygen -l -f <key> and ssh-keygen -Y check-novalidate -n file -s message.txt.sig <message.txt match
  • DNS challenges on their mail server address or the domain in their profile (e.g. "please add this random string to a DNS TXT record to verify your identity")
  • Web challenges on the domain in their profile (e.g. "please add this random string to /sourcehut.txt to verify your identity)

The last four digits of the credit card on file is sufficient to prove the user's identity only for the purpose of billing-related support matters, such as cancelling or refunding their payment or transferring billing information to a new account.

If the user is unable to verify their identity, refuse their support inquiry.

Account deletion

Users can perform self-service account deletion by logging into their account and running the delete process on This is preferred to admin intervention since it does not require us to separately verify the user's identity. However, admins can also manually delete accounts via the user dashboard.

Account renames

Clarify that it's prioritized for the beta but not available now, and suggest that they register a new account, move their data over manually (using import/export features et al), and ask for their billing info to be transferred to the new account.

Need 2FA disabled to reset account password

This is a common support request, and it is important to re-enforce when handling this request that the user needs to use two factors to prove their identity even when requesting to have 2FA disabled; they may use alternative approaches like PGP, SSH, DNS, etc, as described in "Identity verification" above but need to provide two factors of some kind nevertheless.

Without a verified identity, they have no recourse but to register for a new account. Their inaccessible account cannot be deleted.

Cannot pay for service

Generally this ends with offering the user one year of free service and asking them to email us again when it runs out if their situation has not changed.

We generally trust our users, and don't ask them to substantiate financial aid requests further than a declaration of need. For instance, there is no need to ask for a student ID to grant service on the basis of a user's student status.

Common reasons to grant free service:

  • Insufficient income (e.g. students, between jobs, etc)
  • Unable to pay using their preferred payment method
  • Political problems (e.g. Russian sanctions)

Common reasons to reject requests for free service:

  • They want free service because their FOSS project is FOSS

If in doubt, offer them free service. The user dashboard has a place to generate invoices, set the source to "Financial aid", the amount to 0, and the term to 1 year (the default). They can re-apply after it runs out.


Generally speaking if a user asks for a refund relatively close to their payment date (say, within one quarter), give them one and cancel their paid services by updating their account type to non-paying.

Transfer billing information to new account

Verify both accounts, using two factors if necessary, then use the user admin UI to transfer the billing info over.

About this wiki

commit 6778928f971ff2e3f4628b7a47c6f6b433c2b11d
Author: Shulhan <>
Date:   2024-06-08T02:18:59+07:00 remove duplicate DELETE API for repos
Clone this wiki (read-only) (read/write)