A list of permissions requested and the reasoning behind your request
TODO: Not sure what permissions are necessary
It is better to explain your use case and needs than it is to ask for specific permissions
Wikimedia Foundation employees supporting your request (CCed)
FWIW, we're setting up @Ladsgroup with a yubikey per a plan vetted by @csteipp.
@ori, is grafana-admin just restricted as an anti-vandalism measure or could it be used to show sensitive data? If it's just for anti-vandalism I'd prefer we create a new LDAP group and give it access there (and add Ladsgroup without requiring an NDA). If it's got sensitive data in we should just add @Ladsgroup to the 'nda' LDAP group after signature etc.
Build and deploy changes to the future ores.wikimedia.org (in "the production cluster").
We'll still need an NDA.
I strongly support this request, @Ladsgroup is a core contributor to ORES and I'd love to see him set up with an NDA to remove these blockers.
I don't see Amir's signature on https://phabricator.wikimedia.org/L2 (yet).
See links on https://phabricator.wikimedia.org/tag/wmf-nda-requests/
@Aklapper, I think you have to add users to WMF-NDA-Requests before they're allowed to view/sign?
@Aklapper, just checking in. Is there anything that I need to do to help this request move forward?
@Aklapper, ping. If there's something Amir or I can do to get this done, please let me know.
Sorry, I missed this task so far. :( (Thanks Krenair for pinging me on IRC.)
https://phabricator.wikimedia.org/tag/wmf-nda-requests/ links to https://wikitech.wikimedia.org/wiki/Volunteer_NDA which explains the process at least for NDA stuff in Phabricator. I've made @Ladsgroup a member of WMF-NDA-Requests so he should be able to sign L2.
I think grafana-admin is an LDAP group and I'm clueless about such stuff. See https://wikitech.wikimedia.org/wiki/LDAP_Groups and https://phabricator.wikimedia.org/tag/ldap-access-requests/
@Aklapper Thanks. I just read and signed. What is the next step now? The wikitech says we need a c-level to sign off this too. Is it right?
I'd assume (I didn't come up with the rules myself)...
I suppose @Halfak makes someone here in Phab add a comment like "I am a C-Level executive and I approve this message" or such? :)
I still don't have the slightest idea who can and is going to add you to the LDAP group though...sigh
Yes, previously there were c-level folks actually on phab to approve. The c-level approval requirement is current as of the last revision of this process. who all counts as a c-level these days? I'm not entirely sure or if they are on phab.
@Slaporte ^ can you help us understand who can satisfy the requirement from:
https://wikitech.wikimedia.org/wiki/Volunteer_NDA
for
" Sign off by a C level Wikimedia Foundation executive. WMF employees will arrange this as a last sign-off when all other criteria has been met."
Do we really have to go through this every time someone requests NDA access? https://lists.wikimedia.org/mailman/private/wmfall/2016-May/022036.html was pretty clear on who current C-levels are. So the most likely person to approve this request is Wes.
One thing is that I'm a contractor working for WMDE and we have this "(If you are staff or contractor for Wikimedia Germany, please check with WMF-legal if this step is necessary.)". So is it necessary then?
Wes Moran (@Wwes) can approve.
The phrase "C-level" can get unnecessarily confusing, so here is a bit of background. It refers to the people who have some contract-signing authority under the Wikimedia Foundation Delegation Policy. This includes the Executive Director, Vice President of Product, and a few other senior staff members (who may or may not have "C" in their title). For technical questions (like tech volunteer NDA), I'd recommend talking to @Wwes. I've also added a link in the Volunteer NDA page to hopefully avoid some confusion next time.
Yes, let's ask for @Wwes's approval. I'm checking internally about the note on WMDE in the policy.
This has been approved, but not yet executed. Blocked on https://gerrit.wikimedia.org/r/#/c/292405/
@Ladsgroup, I have added you to the grafana-admin LDAP group, please check that you can log in correctly to https://grafana-admin.wikimedia.org
@Halfak do we also have an MOU on file for @Ladsgroup and if so, can we add him here.