
NDA for Amir Sarabadani
Closed, Resolved, Public

Description

A list of permissions requested and the reasoning behind your request

TODO: Not sure what permissions are necessary

It is better to explain your use case and needs than it is to ask for specific permissions

  • Build and deploy changes to the future ores.wikimedia.org (in "the production cluster"). See T106867
  • Create dashboards on grafana-admin.wikimedia.org

Wikimedia Foundation employees supporting your request (CCed)

@Halfak, @DarTar, @yuvipanda

FWIW, we're setting up @Ladsgroup with a yubikey per a plan vetted by @csteipp.

Event Timeline

Halfak created this task. May 7 2016, 3:31 PM
Restricted Application added subscribers: Zppix, Aklapper. May 7 2016, 3:31 PM
Krenair added subscribers: ori, Krenair. (Edited) May 7 2016, 4:43 PM

@ori, is grafana-admin just restricted as an anti-vandalism measure or could it be used to show sensitive data? If it's just for anti-vandalism I'd prefer we create a new LDAP group and give it access there (and add Ladsgroup without requiring an NDA). If it's got sensitive data in we should just add @Ladsgroup to the 'nda' LDAP group after signature etc.

ori added a comment. May 7 2016, 5:23 PM

@ori, is grafana-admin just restricted as an anti-vandalism measure or could it be used to show sensitive data?

Just anti-vandalism.

Halfak added a comment. May 8 2016, 5:03 PM

Build and deploy changes to the future ores.wikimedia.org (in "the production cluster").

We'll still need an NDA.

Halfak edited projects, added Research-Backlog; removed Research. May 9 2016, 3:02 PM
Halfak moved this task from Backlog to Radar on the Research-Backlog board.
DarTar added a comment. May 9 2016, 4:30 PM

I strongly support this request, @Ladsgroup is a core contributor to ORES and I'd love to see him set up with an NDA to remove these blockers.

DarTar assigned this task to Halfak. May 9 2016, 9:37 PM
DarTar triaged this task as High priority.
DarTar moved this task from Staged to Time Sensitive on the Research board.
Ladsgroup added a comment. (Edited) May 15 2016, 11:52 AM

I can't sign L2. Is there anything else we should do?

@Aklapper, I think you have to add users to WMF-NDA-Requests before they're allowed to view/sign?

@Aklapper, just checking in. Is there anything that I need to do to help this request move forward?

@Aklapper, ping. If there's something Amir or I can do to get this done, please let me know.

Sorry, I missed this task so far. :( (Thanks Krenair for pinging me on IRC.)

https://phabricator.wikimedia.org/tag/wmf-nda-requests/ links to https://wikitech.wikimedia.org/wiki/Volunteer_NDA which explains the process at least for NDA stuff in Phabricator. I've made @Ladsgroup a member of WMF-NDA-Requests so he should be able to sign L2.
I think grafana-admin is an LDAP group and I'm clueless about such stuff. See https://wikitech.wikimedia.org/wiki/LDAP_Groups and https://phabricator.wikimedia.org/tag/ldap-access-requests/

@Aklapper Thanks. I just read and signed. What is the next step now? The wikitech says we need a c-level to sign off this too. Is it right?

I'd assume (I didn't come up with the rules myself)...
I suppose @Halfak makes someone here in Phab add a comment like "I am a C-Level executive and I approve this message" or such? :)
I still don't have the slightest idea who can and is going to add you to the LDAP group though...sigh

Yes, previously there were c-level folks actually on phab to approve. The c-level approval requirement is current as of the last revision of this process. Who all counts as a c-level these days? I'm not entirely sure or if they are on phab.

@Slaporte ^ can you help us understand who can satisfy the requirement from:

https://wikitech.wikimedia.org/wiki/Volunteer_NDA

for

" Sign off by a C level Wikimedia Foundation executive. WMF employees will arrange this as a last sign-off when all other criteria has been met."

Do we really have to go through this every time someone requests NDA access? https://lists.wikimedia.org/mailman/private/wmfall/2016-May/022036.html was pretty clear on who current C-levels are. So the most likely person to approve this request is Wes.

One thing is that I'm a contractor working for WMDE and we have this "(If you are staff or contractor for Wikimedia Germany, please check with WMF-legal if this step is necessary.)". So is it necessary then?

Wes Moran (@Wwes) can approve.

The phrase "C-level" can get unnecessarily confusing, so here is a bit of background. It refers to the people who have some contract-signing authority under the Wikimedia Foundation Delegation Policy. This includes the Executive Director, Vice President of Product, and a few other senior staff members (who may or may not have "C" in their title). For technical questions (like tech volunteer NDA), I'd recommend talking to @Wwes. I've also added a link in the Volunteer NDA page to hopefully avoid some confusion next time.

One thing is that I'm a contractor working for WMDE and we have this "(If you are staff or contractor for Wikimedia Germany, please check with WMF-legal if this step is necessary.)". So is it necessary then?

Yes, let's ask for @Wwes's approval. I'm checking internally about the note on WMDE in the policy.

Thank you for clearing that up @Slaporte

Approved

Thanks :)

Ladsgroup closed this task as Resolved. Jun 1 2016, 1:48 PM
jcrespo reopened this task as Open. Jun 3 2016, 9:35 AM
jcrespo claimed this task.
jcrespo lowered the priority of this task from High to Normal.
jcrespo added a subscriber: jcrespo.

This has been approved, but not yet executed. Blocked on https://gerrit.wikimedia.org/r/#/c/292405/

@Ladsgroup, I have added you to the grafana-admin LDAP group, please check that you can log in correctly to https://grafana-admin.wikimedia.org

Hey, yes. I was able to log in to the grafana-admin. Thanks

jcrespo closed this task as Resolved. Jun 7 2016, 4:57 PM

@Halfak do we also have an MOU on file for @Ladsgroup and if so, can we add him here?