
NDA for Amir Sarabadani
Closed, Resolved · Public

Description

A list of permissions requested and the reasoning behind your request

TODO: Not sure what permissions are necessary

It is better to explain your use case and needs than it is to ask for specific permissions

  • Build and deploy changes to the future ores.wikimedia.org (in "the production cluster"). See T106867
  • Create dashboards on grafana-admin.wikimedia.org

Wikimedia Foundation employees supporting your request (CCed)

@Halfak, @DarTar, @yuvipanda

FWIW, we're setting up @Ladsgroup with a yubikey per a plan vetted by @csteipp.

Event Timeline

@ori, is grafana-admin just restricted as an anti-vandalism measure or could it be used to show sensitive data? If it's just for anti-vandalism I'd prefer we create a new LDAP group and give it access there (and add Ladsgroup without requiring an NDA). If it's got sensitive data in we should just add @Ladsgroup to the 'nda' LDAP group after signature etc.

@ori, is grafana-admin just restricted as an anti-vandalism measure or could it be used to show sensitive data?

Just anti-vandalism.

Build and deploy changes to the future ores.wikimedia.org (in "the production cluster").

We'll still need an NDA.

Halfak moved this task from Backlog to Radar on the Research-Backlog board.

I strongly support this request, @Ladsgroup is a core contributor to ORES and I'd love to see him set up with an NDA to remove these blockers.

DarTar triaged this task as High priority.
DarTar moved this task from Staged to Time Sensitive on the Research board.

I can't sign L2. Is there anything else we should do?

@Aklapper, I think you have to add users to WMF-NDA-Requests before they're allowed to view/sign?

@Aklapper, just checking in. Is there anything that I need to do to help this request move forward?

@Aklapper, ping. If there's something Amir or I can do to get this done, please let me know.

Sorry, I missed this task so far. :( (Thanks Krenair for pinging me on IRC.)

https://phabricator.wikimedia.org/tag/wmf-nda-requests/ links to https://wikitech.wikimedia.org/wiki/Volunteer_NDA which explains the process at least for NDA stuff in Phabricator. I've made @Ladsgroup a member of WMF-NDA-Requests so he should be able to sign L2.
I think grafana-admin is an LDAP group and I'm clueless about such stuff. See https://wikitech.wikimedia.org/wiki/LDAP_Groups and https://phabricator.wikimedia.org/tag/ldap-access-requests/

@Aklapper Thanks. I just read and signed. What is the next step now? The wikitech says we need a c-level to sign off on this too. Is it right?

I'd assume (I didn't come up with the rules myself)...
I suppose @Halfak makes someone here in Phab add a comment like "I am a C-Level executive and I approve this message" or such? :)
I still don't have the slightest idea who can and is going to add you to the LDAP group though...sigh

Yes, previously there were c-level folks actually on phab to approve. The c-level approval requirement is current as of the last revision of this process. Who all counts as a c-level these days? I'm not entirely sure or if they are on phab.

@Slaporte ^ can you help us understand who can satisfy the requirement from:

https://wikitech.wikimedia.org/wiki/Volunteer_NDA

for

"Sign off by a C level Wikimedia Foundation executive. WMF employees will arrange this as a last sign-off when all other criteria has been met."

Do we really have to go through this every time someone requests NDA access? https://lists.wikimedia.org/mailman/private/wmfall/2016-May/022036.html was pretty clear on who current C-levels are. So the most likely person to approve this request is Wes.

One thing is that I'm a contractor working for WMDE and we have this "(If you are staff or contractor for Wikimedia Germany, please check with WMF-legal if this step is necessary.)". So is it necessary then?

Wes Moran (@Wwes) can approve.

The phrase "C-level" can get unnecessarily confusing, so here is a bit of background. It refers to the people who have some contract-signing authority under the Wikimedia Foundation Delegation Policy. This includes the Executive Director, Vice President of Product, and a few other senior staff members (who may or may not have "C" in their title). For technical questions (like tech volunteer NDA), I'd recommend talking to @Wwes. I've also added a link in the Volunteer NDA page to hopefully avoid some confusion next time.

One thing is that I'm a contractor working for WMDE and we have this "(If you are staff or contractor for Wikimedia Germany, please check with WMF-legal if this step is necessary.)". So is it necessary then?

Yes, let's ask for @Wwes's approval. I'm checking internally about the note on WMDE in the policy.

jcrespo claimed this task.
jcrespo lowered the priority of this task from High to Medium.
jcrespo added a subscriber: jcrespo.

This has been approved, but not yet executed. Blocked on https://gerrit.wikimedia.org/r/#/c/292405/

@Ladsgroup, I have added you to the grafana-admin LDAP group, please check that you can log in correctly to https://grafana-admin.wikimedia.org

Hey, yes. I was able to log in to the grafana-admin. Thanks.

@Halfak do we also have an MOU on file for @Ladsgroup and if so, can we add him here?