Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Configuration changes for wikitech.wikimedia.org | operations/mediawiki-config | master | +40 -6 |
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | MarcoAurelio | T158516 Decide which group(s) will be able to manage 'shell' on wikitech | |||
Resolved | MarcoAurelio | T158482 Remove shellmanagers group on wikitech | |||
Resolved | MarcoAurelio | T158515 Remove 'shellmanagers' rights from all users before removing the group on Wikitech |
Event Timeline
Change 338751 had a related patch set uploaded (by MarcoAurelio):
Configuration changes for wikitech.wikimedia.org
I don't have a very strong opinion on this, but for me bureaucrat in the MediaWiki context roughly means "can give all users all rights" and sysop means "can do anything except make other users sysop". On wikitech.wikimedia.org this principle is upheld and there is contentadmin who can't do as much as sysop, but enough for most of the work to be done. Why should bureaucrats on wikitech.wikimedia.org not be able to give sysop to a user and that function be moved (?) to the cloudadmin group? This insinuates that bureaucrat could/should be given out freelier on wikitech.wikimedia.org.
IMHO this is a wrong approach: Instead there should be a general understanding that (any) rights on wikitech.wikimedia.org require careful consideration, just like other special wikis where bureaucrat still has the same meaning, but only selected people are given this right (or others) on these wikis.
I don't have any issues with bureaucrats granting sysop as well. If this is desired, it only takes a couple of minutes for me to update that patch 🌝 In any case, I strongly agree that rights require careful consideration, be it wikitech or any other place. @bd808 could you weight in as well, please? Thanks.
I broadly agree with @scfc's analysis. I don't have an particular reason why bureaucrat should not be able to manage sysop membership. I mentioned it in a related discussion without thinking the model through well.
The sysop/contentadmin distinction on wikitech is really what causes us issues occasionally. Much of this confusion may have come from me personally. I was given very broad rights on wikitech without any initial knowledge of the sysop/contentadmin distinction. I did not understand for a long time just how much power I had there. I in turn handed out sysop to several people without actually remembering/knowing that on wikitech contentadmin would have been a better fit. As @Nemo_bis has pointed out recently, we do not seem to have done a through job of documenting why sysop is such a scary right on wikitech. I think doing that would be good idea as well as making some local message override on wikitech that would remind all of us to think about that carefully when using https://wikitech.wikimedia.org/wiki/Special:UserRights.
I have T158417: Group messages for Wikitech and related patch waiting to be merged for months already which precisely deals with this one :-)
I'll amend the patch and have bureaucrats add (and remove?) the sysop bit. Shall bureaucrats be also able to remove bureaucrat rights?
Regards.
Bureaucrats (and cloudadmins since they have 'userrights' will be able to manage the 'shell' permission).
Change 338751 merged by jenkins-bot:
Configuration changes for wikitech.wikimedia.org
Mentioned in SAL (#wikimedia-operations) [2017-02-22T19:14:36Z] <thcipriani@tin> Synchronized wmf-config/InitialiseSettings.php: SWAT: [[gerrit:338751|Configuration changes for wikitech.wikimedia.org]] T158516 T158554 T158482 (duration: 00m 40s)