Page MenuHomePhabricator
Create Task
Maniphest T198190

WMF-NDA-Request for User:Braveheart
Closed, DeclinedPublic
Actions

Description

Hi!

This is a request for access to localised data on Austrian users. Because we share a Wikipedia with other German-speaking countries, we would need accesss to personal data when analysing where users are editing from and how this behaviour changes over time. This information would help us organise and target our projects and events better. It would also help us address needs and issues around editors who live in Austria and edit in other Wikipedias, helping our approach to diversity and support of the wider CEE region.

CCing Aaron because this is request is what we've been talking about for almost 2 years now ;-)

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - Patchset for access request

Event Timeline

Braveheart created this task.Jun 26 2018, 10:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 26 2018, 10:54 AM
MarcoAurelio subscribed.Jun 26 2018, 10:56 AM

If this is an access request to the analytics servers then it's SRE-Access-Requests not WMF-NDA-Requests I think :-)

Aklapper edited projects, added SRE-Access-Requests; removed WMF-NDA-Requests.Jun 27 2018, 11:59 AM
Restricted Application added a project: SRE. · View Herald TranscriptJun 27 2018, 11:59 AM
RobH assigned this task to Braveheart.Jun 27 2018, 3:14 PM
RobH moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
RobH subscribed.

This sounds like a shell request for something in one of the analytics or statistics user groups. However, we will need a few things met before we can roll out shell access to someone. I'll put the checklist in the main task description, but it boils down to a few things:

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.

This is required for ALL shell access requests.

  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)

@Braveheart: You'll need to work with your WMF sponsor (sounds like @Halfak would be the person for you to work with. They hsould be able to make the introductions to WMF legal for you to sign an NDA.

  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.

I'm guessing you'll be using the account 'braveheart' from wikitech for this. Just want to confirm since it wasn't stated. You'll also need to work with your sponsor or other WMF shell users to determine exactly what group(s) you need. It sounds like these are analytics groups, which are explained here: https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups

  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)

You'll need to paste a public SSH key on to the task for use with your account. This should be a key dedicated ONLY to wmf production shell access (do not share with wmf cloud services or any other third party.)

  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)

@Halfak or someone else who understands exactly what you are trying to accomplish will need to

  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task

If your request isn't a sudo request, there is a 3 business day wait once we determine what access you want. (It isn't quite clear on this request at this time.)

  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - Patchset for access request

So we'll need @Braveheart to work with wmf to get a NDA signed and determine exactly what kind of access is needed. I'm assignign this task back to @Braveheart for the above considerations/questions.

RobH updated the task description. (Show Details)Jun 27 2018, 3:14 PM
RobH added a comment.Jun 27 2018, 6:17 PM

I'm also not 100% sure this is for shell access, since I'm not clear on exactly what data (and where it is housed) that @Braveheart is requesting. This could be some web interface or via shell.

MarcoAurelio added a comment.EditedJun 27 2018, 6:20 PM

Sounds sort of https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups, but not sure; hence not adding SRE-Access-Requests instead of WMF-NDA-Requests. (I see Rob did that already).

Halfak added a comment.Jun 27 2018, 8:32 PM

I'd recommend working with the recentchanges to geotag editors unless Analytics has a reporting UI that will work for @Braveheart.

Halfak added a subscriber: Milimetric.Jun 27 2018, 8:35 PM

Word on the IRC is that @Milimetric is working on something for this right now :)

Nuria subscribed.Jun 27 2018, 9:38 PM

I do not think you need access to data but rather to the geoeditor reports (aggreggated counts of edits per country per wiki) so no ssh keys should be needed, in fact besides the data we calculate in those reports there is no other data available that you could use so the reports will provide all information we have.

This is data we are aiming to make public but it is not quite yet. Please take a look: https://wikitech.wikimedia.org/wiki/Analytics/Systems/Geoeditors

Braveheart added a comment.Jun 28 2018, 1:38 PM

Hi Nuria!

I'd love to look at the geoeditor reports - when do you expect them to be published? I assume I still need LDAP access for these datasets?

Best,
Philip

Nuria added a comment.Jun 28 2018, 3:10 PM

@Braveheart: yes, you will need LDAP access and a term for which is granted (we do not grant unbounded access) . We have also given out edited versions of those reports w/o LDAP to third parties so you might want to start by looking at those. Please e-mail us to analytics@ with such a request and we can work with that. I think is clear that for this data you do not need access to prod hardware so you might want to edit this request.

akosiaris changed the task status from Open to Stalled.Jul 6 2018, 7:54 AM
akosiaris triaged this task as Low priority.
akosiaris subscribed.

I am setting this to Stalled and a low priority, pending @Braveheart 's response.

Braveheart added a comment.Jul 8 2018, 4:29 PM

Thanks Akosiaris, currently talking to analytics how to continue.

RobH closed this task as Declined.Jul 23 2018, 4:16 PM

I'm going to go ahead and close this out as declined for now, mostly because with no movement and likely solving this another way, this task is just sitting open and ignored.

This way if there is movement, and this is re-opened, the clinic duty person will know to pick it back up! (So, this closing is easily reversed if the access is again needed!)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits