I am proposing to revisit CI whitelisting of @Paladox. Previous attempts have been made at the beginning of July 2015:
https://gerrit.wikimedia.org/r/#/c/215064/ by @aude
https://gerrit.wikimedia.org/r/#/c/222187/ by @hashar (dupe of above)
https://gerrit.wikimedia.org/r/#/c/222276/ by @Addshore (dupe again)
Been vetoed by Timo (and approved by others including myself) for good reason at that time:
User is sufficiently inexperienced that I would not trust him to not accidentally compromise our CI infrastructure.
He's known to often copy/paste arbitrary code and is still learning a lot. It'd be trivial for him to accidentally submit insecure or malicious code and compromise our CI servers.
Once our CI infrastructure is better isolated, this will no longer be a concern. At which point the plan is to simply remove this whitelist functionality and open it up to all accounts by default; rendering this addition no longer needed.
I @hashar have been reviewing a lot of his changes in September. He has shown willingness to improve and proposed a lot of additions. @Paladox has definitely been a key person in standardizing the composer/npm setup for MediaWiki extensions.
You can have a quick glance by browsing the long list of changes he made:
https://gerrit.wikimedia.org/r/#/q/owner:Paladox,n,z
Moreover Paladox has CR+2 on a few repositories (label:Code-Review=2,user=Paladox is:merged`).
I believe it is time to whitelist him in CI without waiting for the isolated instances. Can we list the pro/con and reach a consensus ?
Reference: T106359 (semi private task)