I just noticed that I don’t have permissions to update the SSH fingerprints page (instead, I sent the new content to @aborrero to save him some time, and he pasted it in). This seems a bit pointless since I already have deployment access (T208518), so presumably I’m somewhat trusted… is there a defined process for user rights on the Wikitech wiki? (If yes, I can’t find it.)
No defined process other than create a task and wait for someone to action. There are two types of admins: sysop and contentadmin. With the creation and rollout of interface admins probably the segregation doesn't make much of the sense that it had in the past, though; although probably still makes sense. Usually @bd808 or @scfc handled user rights requests in the past for me, so I'm taking the liberty to mention them in here. Regards.
I wonder if the only legitimate use case for modifying that page is accompanied by the ability to change that SSH key, and so potentially is sanest as a right limited to toolforge admins/roots.
yeah totally, and I'm not trying to be emphatic about this -- more curious. That action (replacing the host) would also be an activity limited to toolforge admins. I worry that any other group of folks are not adequately able to ensure it's the right key before updating the page.
WP:BEANS, but sysop on wikitech is a very sensitive user right. For the particular content in question, page protection restrictions are reasonable to prevent edits from bad actors who have somehow figured out how to ssh connections to compromised servers.
@Lucas_Werkmeister_WMDE I have changed the title here to reflect a request for contentadmin. Granting full sysop on Wikitech is unlikely without also granting Cloud-wide root. Contentadmin is a much easier right to approve, assuming that you have a desire to help maintain sensitive content on wikitech in the long term. Please do respond here an let us know if you are actively seeking this right or were just a bit annoyed to find that there was content that you could not change on wikitech.
Well, it was more out of surprise that I was told to edit the page and then couldn’t do it, but since I do edit content on Wikitech from time to time, it would be useful to have this right, sure. (Though I don’t think I’ve run into protected pages before – most of my contributions outside of Wikidata stuff are just random things I find while going through the documentation.)
@Lucas_Werkmeister_WMDE based on your comments in T216126#4980825 I am going to decline this request. Not because I don't feel that you are trustworthy, but because I don't see any demonstrated need for the additional rights. I do not believe the contentadmin right itself would actually have let you fix the fingerprint page, and in reality that edit should be made by a root user who can actually verify the fingerprints before publishing anyway.
If you do come up with a project that makes editing protected content on Wikitech necessary, please do apply again, especially if you can set a time limit on how long the advanced rights will be needed.