Custom task form for #WMF-NDA
Closed, Resolved · Public

Description

Per discussion in -staff and -devtools just now, please create a custom task submission form for WMF-NDA, like Security's form at https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/2/.

Preamble

Use this form to report non-security issues that should be private, restricted to members of WMF-NDA.

Fields

Comments:

Hidden

Status:

Hidden, Default: Open

Story Points:

Hidden?

Visible To:

Hidden. Default space: S1 Public, Default policy: Custom policy allowing only members of WMF-NDA, subscribers, and the task author.

Editable By:

Hidden, Default: All Users

Tags:

Locked, Default: WMF-NDA

Security:

Locked, Default: Other confidential issue

Visibility

I'd like this form to be visible either to all users or to members of WMF-NDA. It doesn't necessarily have to appear on the global Create Task menu, but if not, it should be well documented.

Event Timeline

Restricted Application added subscribers: TerraCodes, Aklapper. · Aug 9 2016, 7:17 PM

I would hide the story points; normally the creator (requestor in this case, I guess) is not the one who sets the priority, same for story points.

mmodell added subscribers: chasemp, greg.

From the WMF-NDA project description:

NOTICE: This group is for NDA signatory access to RT level core-ops issues and equivalent. Any other use of this group is ill-advised and if another level of access is intended a new group must be created.

Administrative access is needed to add new members to this list.

New members should never be added without a verified NDA by someone who knows what they are doing.

This group initially reflected Operations members and volunteers who have signed an NDA sufficient to allow them to access the above content.

If you believe you should be a member, follow the process.

I believe there is some legacy related to Operations which has never been clear to those outside Operations and which leads to some confusion with the WMF-NDA policy group. Maybe we should consider renaming and/or splitting the WMF-NDA group into parent/subgroups like I've done with Policy-Admins. E.g.:

So we create NDA, rename the existing wmf-nda group to acl*ops-nda and make it a subproject under NDA, then create a new more general-purpose group called acl*wmf-nda (with WMF-NDA as an alternative hashtag).

So we would have:

  • NDA - group parent-project which is just a container for nda projects
    • #acl*ops-nda
    • #acl*wmf-nda
    • Any others?

+1 to split #WMF-NDA to properly named acl*... projects.

However, what would be the NDA good for?

Tbayer edited subscribers, added: Tbayer; removed: HaeB. · Aug 10 2016, 1:24 AM

Another thing, I'm thinking we shouldn't allow subscribers to view. If the task contains protected information then we shouldn't allow anyone outside of the NDA group to view it regardless of being CC'd.

mmodell added a comment. · Edited · Aug 10 2016, 1:49 AM

> +1 to split #WMF-NDA to properly named acl*... projects.
>
> However, what would be the NDA good for?

So that we can use the NDA group in policy rules instead of having to list each sub-group explicitly. Then if more sub-groups get added later we don't have to find and update all of the relevant policy rules.

mmodell added a comment. · Edited · Aug 10 2016, 6:28 AM

I still think that we should consider re-organizing WMF-NDA into multiple projects, however, here's a work-in-progress form with the requested parameters: https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/23/

>> +1 to split #WMF-NDA to properly named acl*... projects.
>>
>> However, what would be the NDA good for?
>
> So that we can use the NDA group in policy rules instead of having to list each sub-group explicitly. Then if more sub-groups get added later we don't have to find and update all of the relevant policy rules.

That of course makes sense, I was confused by the name and icon. Therefore for the sake of consistency it should be acl*NDA-all.

> That of course makes sense, I was confused by the name and icon. Therefore for the sake of consistency it should be acl*NDA-all.

I don't think the acl* convention makes sense anymore because:

  1. It's ugly
  2. provides plenty of visual cues that a project is used for policy controls.
  3. The projects advanced search provides a filter for icon as well as color so we can easily find all policy projects for auditing purposes. We don't need substring matching to identify them.

So, in my not so humble opinion:

  • acl*NDA-all: ugly
  • NDA-All: ok but redundant
  • NDA: Perfect

Legoktm added a subscriber: Legoktm. · Dec 4 2016, 7:39 AM

> Per discussion in -staff and -devtools just now

Could you please summarize those discussions on this task?

I think this task should be marked as complete? The primary purpose has been fulfilled.

I think it's close, it just needs the tag field to always include WMF-NDA and I think the only way to do that right now is to lock it.

ok I've locked it ...

mmodell closed this task as Resolved. · May 12 2017, 12:52 AM