Page MenuHomePhabricator
Create Task
Maniphest T229122

Allow wmf-deployment to remove votes from changes in wmf branches
Closed, ResolvedPublic
Actions

Description

Ocasionally, it's necessary to remove a vote from change against a wmf branch (see https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/525598 as an example). wmf-deployment can't do this now, and as such, deployment of those changes by a member of wmf-deployment who's not in mediawiki group requires getting somebody who is, just to remove the vote in question. Could we grant wmf-deployment this ability too? Thanks!

Event Timeline

Urbanecm created this task.Jul 26 2019, 2:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2019, 2:57 PM
Paladox moved this task from Bugs & stuff to Repo Admin on the Gerrit board.Jul 26 2019, 3:00 PM
Krinkle awarded a token.Jul 26 2019, 3:07 PM
Krinkle subscribed.

I support this proposal.

Florian subscribed.Jul 28 2019, 10:29 AM

I support this, too, having wmf-deployment people able to deploy is their main reason why this group exists.

Florian awarded a token.Jul 28 2019, 10:29 AM
Florian rescinded a token.
Florian awarded a token.
Urbanecm added a comment.Mar 23 2020, 6:28 PM

Seems there are no objections? Could an admin handle this, please?

hashar subscribed.Mar 24 2020, 9:40 AM

I would guess that is done in the mediawiki parent project https://gerrit.wikimedia.org/r/#/admin/projects/mediawiki,access . It has:

Remove Reviewer

l10n-bot-watcher
mediawiki

The mediawiki group ( https://gerrit.wikimedia.org/r/#/admin/groups/11,members ) has a bunch of people and include the groups:

ldap/ops
ldap/wmf
wmde-mediawiki

So I guess that is an odd case of someone being in the wmf-deployment group and not being in the mediawiki one. Maybe we can have mediawiki to also include wmf-deployment in addition to ldap/ops, ldap/wmf and wmde-mediawiki?

Urbanecm added a comment.Mar 24 2020, 11:14 AM
In T229122#5994309, @hashar wrote:

I would guess that is done in the mediawiki parent project https://gerrit.wikimedia.org/r/#/admin/projects/mediawiki,access . It has:

Remove Reviewer

l10n-bot-watcher
mediawiki

The mediawiki group ( https://gerrit.wikimedia.org/r/#/admin/groups/11,members ) has a bunch of people and include the groups:

ldap/ops
ldap/wmf
wmde-mediawiki

So I guess that is an odd case of someone being in the wmf-deployment group and not being in the mediawiki one. Maybe we can have mediawiki to also include wmf-deployment in addition to ldap/ops, ldap/wmf and wmde-mediawiki?

Hmm, that would extend the ability of wmf-deployment to review all MediaWIki patches, which is above it is now, technically. I agree there shouldn't be a problem of trust (deployers are able to deploy any MediaWiki change, reviewed or not), but will wmf-deployment (alone) ever need to +2 a MW patch in master?

DannyS712 subscribed.May 28 2020, 7:34 AM
In T229122#5994505, @Urbanecm wrote:
In T229122#5994309, @hashar wrote:

I would guess that is done in the mediawiki parent project https://gerrit.wikimedia.org/r/#/admin/projects/mediawiki,access . It has:

Remove Reviewer

l10n-bot-watcher
mediawiki

The mediawiki group ( https://gerrit.wikimedia.org/r/#/admin/groups/11,members ) has a bunch of people and include the groups:

ldap/ops
ldap/wmf
wmde-mediawiki

So I guess that is an odd case of someone being in the wmf-deployment group and not being in the mediawiki one. Maybe we can have mediawiki to also include wmf-deployment in addition to ldap/ops, ldap/wmf and wmde-mediawiki?

Hmm, that would extend the ability of wmf-deployment to review all MediaWIki patches, which is above it is now, technically. I agree there shouldn't be a problem of trust (deployers are able to deploy any MediaWiki change, reviewed or not), but will wmf-deployment (alone) ever need to +2 a MW patch in master?

maybe to fix an UBN by reverting a recent patch - it shouldn't be backported and deployed until its merged to master

Urbanecm added a comment.Jun 18 2020, 9:11 AM

Ping? :)

Legoktm edited projects, added Gerrit-Privilege-Requests; removed Gerrit.Jun 18 2020, 9:35 AM
Legoktm subscribed.
In T229122#6234217, @Urbanecm wrote:

Ping? :)

Sorry I didn't see this earlier, I've fixed the project tags as this is a request for a permissions change. I think this makes sense, but I'd like to wait the week per policy in case anyone else has comments.

DannyS712 added a comment.Jul 27 2020, 4:42 PM

@Legoktm I tried to create a config patch to grant Remove Reviewer which I believe is the permission needed, but Error 409 (Conflict): project state READ_ONLY does not permit write

Urbanecm added a comment.Aug 18 2020, 9:50 AM

@Legoktm and/or other gerrit admins: Ping? :-)

MarcoAurelio moved this task from Backlog to Needs discussion on the Gerrit-Privilege-Requests board.Aug 25 2020, 10:12 AM
Legoktm claimed this task.Nov 28 2020, 2:46 AM

I implemented https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/+/70c409074d0b0f4a4a1b49d54ea0e1b76ac6043a%5E%21/#F0 - could you verify that it's had the intended effect?

Urbanecm closed this task as Resolved.Nov 28 2020, 4:09 PM
In T229122#6653426, @Legoktm wrote:

I implemented https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/+/70c409074d0b0f4a4a1b49d54ea0e1b76ac6043a%5E%21/#F0 - could you verify that it's had the intended effect?

Thanks! It works now (through I had to use my test acc to actually test, as I got +2 in mediawiki/* in the meantime). Anyway, thanks!

DannyS712 moved this task from Needs discussion to Resolved on the Gerrit-Privilege-Requests board.Aug 20 2021, 2:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL