Maniphest T198679

Investigate switching internal mailing list over to GSuite group
Closed, ResolvedPublic
Actions

Description

As part of our T195596: WMSE e-mail restructure we should also investigate switching internal mailing list over to GSuite group. Currently we have three active internal/closed e-mail lists for staff, board and staff+board handled by mailman. (for all lists see T198457: Look over usage of @styrelse.wiklimedia.se mailing lists)

With our switch to GSuite it is worth investigating if these could be swapped over to closed groups instead. The benefit is that access would be directly controlled from one place and more strongly tied to the users @wikimedia.se accounts whilst also potentially removing our need for maintaining the mailman instance.

We should look into what, if any, features are gained/lost as well as if there are any other factors which may affect the choice.

Results

Benefits

One system less to maintain
Guaranteed overlap between Drive-access and e-mail list access
Security - Our mailman instance is unlikely to be as secure as GSuite [both mailman and the OS of the server are outdated]

Disadvantages

FLOSS - This is one of the FLOSS tools that we currently use. That said not switching would not mean dropping GSuite.
Google would gain access to the communications

No difference

Access - GSuite admins would gain access to board communications. Server admins (actually a larger group) have however had access to these already. This can be handled by T196334: Assign appropriate admin roles in Google Workspace
Quarantined messages - non-list members can e-mail the list after an admin has approved the message.
Archives - While the archives are closed they can be browsed by current members. (It also looks possible to migrate the old archives.)

Unclear

Exportability/Compatibility - Would it be as easy to switch back/to a third option in the future?
- It looks possible to download the google groups contents as mbox (how mailman archives are stored) using e.g. google-group-crawler

Related Objects
Search...

Status	Assigned	Task
Open	None	T195596 WMSE e-mail restructure
Resolved	Lokal_Profil	T233927 Clean up old WMSE server environment
Resolved	Lokal_Profil	T198679 Investigate switching internal mailing list over to GSuite group

Event Timeline

Lokal_Profil created this task.Jul 3 2018, 7:51 AM

Lokal_Profil mentioned this in T195596: WMSE e-mail restructure.

I've added a quick initial analysis. It would be good with more usage scenarios which we could compare.

@Historiker If the board has any special needs/thoughts about this that would also be good to capture.

Lokal_Profil updated the task description. (Show Details)Jul 3 2018, 7:54 AM

Lokal_Profil moved this task from Backlog to GSuite migration on the WMSE-Organisational-Development-2018 board.Jul 3 2018, 1:25 PM

Lokal_Profil edited projects, added WMSE-Organisational-Development-2018 (GSuite migration); removed WMSE-Organisational-Development-2018.

Sebastian_Berlin-WMSE edited projects, added WMSE-Organisational-Development-2019 (GSuite migration); removed WMSE-Organisational-Development-2018 (GSuite migration).Jan 29 2019, 2:06 PM

Lokal_Profil added a parent task: T195596: WMSE e-mail restructure.Jun 4 2019, 11:07 AM

Lokal_Profil mentioned this in T233814: Internal mailing lists are unresponsive.Sep 25 2019, 1:40 PM

Collaborative inboxes: T197864#5210022.

@Historiker per your questions.

E-mails from users outside of the group: It is possible to allow e-mails from outside of the group. You can further set it up so that such e-mails have to be handled by a moderator before being sent to the whole group.
Access: Basic access would be set to the styrelse group. Out of this group of users one or two users would be given moderation rights (to check emails from the outside).
- Super-admins (me+Sebastian+john) will always be able to view the messages by going to the web interface via the settings menu. It also looks as though we can create messages in the group using the same interface. I've sent a message to support to see if it is either possible to limit access further or if it's at least possible to monitor when/if admins view the messages.
- Note that in practice this doesn't change things significantly compared to how it works today. The users with server access can likely read through all the e-mails directly on the server.

Got a reply from Google.

There is no way of preventing a super-admin from having access, nor is there a way of monitoring if they use that access.

What we can do is reduce the number of superadmins and instead create an admin role without that particular access. There would always be (at least) one such account though.

Theoretically we could have a setup where there is a superadmin account that ia separate to any user account. It might then be possible to monitor any login to that account, but of course once logged in it still comes down to trust since you cannot se if they read any messages.

Sebastian_Berlin-WMSE edited projects, added WMSE-Organisational-Development-2020 (GSuite migration); removed WMSE-Organisational-Development-2019 (GSuite migration).Jan 16 2020, 2:53 PM

@Jopparn @Historiker I'm increasing the priority of this one after having seen the status of the server where this is currently running.

We should either move forwards with migrating this to gsuite (my recommendation) or migrate it to bahnhof (and upgrade to the latest mailman)

An aside on non-internal mailing lists can not easily be made joinable and searchable by non-members (people without gsuite accounts) without us changing the global access setting for the whole domain. Which we should not do.

The good thing is that the only such list we have left is wlm-se, which doesn't seem to be in use (ping @AxelPettersson_WMSE )

I suggest we go with Gsuite, despite the problem you pointed at.

In T198679#5822215, @Lokal_Profil wrote:

The good thing is that the only such list we have left is wlm-se, which doesn't seem to be in use (ping @AxelPettersson_WMSE )

Axel replied that it is no longer in use

In T198679#5822269, @Jopparn wrote:

I suggest we go with Gsuite, despite the problem you pointed at.

I agree. I checked with WMDE and they use the same setup. As for SuperAdmins being able to access that is covered by a combination of contractual clauses and criminal law.

In T198679#5822269, @Jopparn wrote:

I suggest we go with Gsuite, despite the problem you pointed at.

I agree. I checked with WMDE and they use the same setup. As for SuperAdmins being able to access that is covered by a combination of contractual clauses and criminal law.

What we should do at the same time is review who has this access and if any should be removed (I would still want at least two people for bus factor reasons)

Lokal_Profil moved this task from 📥 Backlog to 📆 This week on the User-LokalProfil board.Jan 22 2020, 1:09 PM

Next steps (to be turned into tasks)

Look into archive migration (a quick search suggests it's definitely doable)
Look at what suitable new list names will be. [Since we are switching from @styrelse.wikimedia.org anyway and there has been some confusion around the naming of two of the lists in the past.]
1. Look if any of those are already aliases and if so remove them from the routing mappings [I know styrelse@ is]
Switch over the office list to use groups. [Less traffic than board group with a natural fallback (hangout) should everything go tits up]
Look into adding the old mailing list as a recipient in a group (to maintain an archive should we decide this works badly) [not needed for office list but rather for the board list]
Look into forwarding e-mails directed at the old addresses to the new mailinglists [also ok if this only happens when board gets switched over, likely needed since gsuite will take over routing of that subdomain]
Revise who has super-admin access [also ok to happen after office gets switched over but before board gets it][might already be a task for this]

Also update T195596: WMSE e-mail restructure to remove potential overlaps with that list

Lokal_Profil updated the task description. (Show Details)Jan 22 2020, 8:13 PM

Lokal_Profil moved this task from Backlog to In progress on the WMSE-Organisational-Development-2020 (GSuite migration) board.

Lokal_Profil moved this task from 📆 This week to 📥 Backlog on the User-LokalProfil board.Aug 11 2020, 9:02 AM

Lokal_Profil edited projects, added WMSE-Organisational-Development-2021 (Google Workspace integration); removed WMSE-Organisational-Development-2020 (GSuite migration).Jan 14 2021, 12:22 AM

Lokal_Profil moved this task from Backlog to In progress on the WMSE-Organisational-Development-2021 (Google Workspace integration) board.

Sebastian_Berlin-WMSE edited projects, added WMSE-Organisational-Development-2022 (Google Workspace integration); removed WMSE-Organisational-Development-2021 (Google Workspace integration).Feb 22 2022, 11:48 AM

Sebastian_Berlin-WMSE moved this task from Backlog to In progress on the WMSE-Organisational-Development-2022 (Google Workspace integration) board.

Lokal_Profil added a parent task: T233927: Clean up old WMSE server environment.Mar 16 2022, 1:20 PM

I created a task for moving the office mailing list: T304157.

(From description):

Google would gain access to the communications

More access than they would have anyway? We still use Gmail either way.

Sebastian_Berlin-WMSE mentioned this in T304157: Switch office mailing list to Google Groups.Mar 18 2022, 1:17 PM

Lokal_Profil added a project: User-Sebastian_Berlin-WMSE.Mar 22 2022, 12:22 PM

Sebastian_Berlin-WMSE moved this task from Backlog to This Week on the User-Sebastian_Berlin-WMSE board.Mar 22 2022, 12:22 PM

In T198679#7788551, @Sebastian_Berlin-WMSE wrote:

(From description):

Google would gain access to the communications

More access than they would have anyway? We still use Gmail either way.

This was before the board moved over to gmail I believe