I don't personally think we need to make any changes. The group can do what we used to allow to everyone, and at least I didn't see any problem with Trusted-Contributors here, which is fairily similar to the Gerrit thing.

For me the policy is not very clear, as it has not a definition of what is a privilege.

My understanding is that the new Gerrit Privilege Policy wants to ensure that everything that a ordinary Gerrit user cannot do (a privilege) must be proposed, discussed and approved first. This seems to be the intention by my reading of https://www.mediawiki.org/wiki/Gerrit/Privilege_policy#Requesting_Gerrit_privileges.

Add Patch Set was sadly removed from everyone because it was abused. Trusted-Contributors was not a group that originally had this ability. I think it makes little sense to create a group to limit who can modify other people's patches if anyone can be added later to said group without any or little control.

Moreover, the policy clearly discourages members of groups to add other members to it without a Task.

I am not for or against the current practice. Being honest, we have had no issues with how things have been working so far. But I'd love this to be clarified as I don't want issues in the future or being accused of breaching the policies and risk sanctions for doing so.

Thanks for opening this task, this could use some clarity and alignment with the privilege policy.

There are several permissions that allow users to change other users patchsets in a way that could be viewed as disruptive:

1. Edit Topic Name
2. Edit Hashtags
3. Add Patchset

These three privileges were at one time granted to the Registered Users group of which all users of Gerrit are a part. That is, anyone who signed into our Gerrit could fiddle with anyone else's patchset in a substantive way -- i.e., a person could upload a new version of your patch that is a complete rewrite of what you intended for a patchset.

There was an instance of abuse of these abilities that was disruptive. In late March these abilities were removed from Registered Users and granted only to Project Owners. It was noted in April on the Wikitech-l list that the change of Add Patchset to be only available to Project Owners was disruptive to a lot of folks' workflows. At the time @Bawolff suggested as a compromise that we grant this ability to Trusted Users. This, to me, seemed like a reasonable compromise as these "permissions" were previously granted to Registered Users this change locked down the ability to add a patchset to users who were "known" in some sense of that word: i.e., through a web of trust -- a self-owned group.

Subsequently, I granted the other permissions that were previously granted to Registered Users to Trusted users: Edit Hashtags and Edit Topic Name.

In T238651#5678213, @MarcoAurelio wrote:

For me the policy is not very clear, as it has not a definition of what is a privilege.

My understanding is that the new Gerrit Privilege Policy wants to ensure that everything that a ordinary Gerrit user cannot do (a privilege) must be proposed, discussed and approved first. This seems to be the intention by my reading of https://www.mediawiki.org/wiki/Gerrit/Privilege_policy#Requesting_Gerrit_privileges.

That is an excellent point; however, at the time that privilege policy was written, the above 3 privileges were granted to all ordinary Gerrit users.

Add Patch Set was sadly removed from everyone because it was abused. Trusted-Contributors was not a group that originally had this ability. I think it makes little sense to create a group to limit who can modify other people's patches if anyone can be added later to said group without any or little control.

I believe the web-of-trust aspect of the Trusted-Contributors group does add some control to the process. Knowing that the group even exists, or having a need to use these missing "privileges" in the first place also acts as a (admittedly low) barrier to entry vs. advertising these privileges to folks who may not even know what they do and abuse them out of ignorance rather than malice.

Moreover, the policy clearly discourages members of groups to add other members to it without a Task.

+1 that seems the current case. Hopefully this discussion can rectify that.

I am not for or against the current practice. Being honest, we have had no issues with how things have been working so far. But I'd love this to be clarified as I don't want issues in the future or being accused of breaching the policies and risk sanctions for doing so.

+1

At the time i was kind of thinking of trusted contribs, as being kind of like autoconfirmed but for gerrit

I'd like to find documentation how someone can add someone else to Trusted-Contributors in Gerrit. I could not find anything on https://www.mediawiki.org/wiki/Gerrit/Privilege_policy . I wasn't aware of this task and created https://www.mediawiki.org/w/index.php?title=Topic:Vmctpz0m7zzpcaqt as this was brought up in PS6 on https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/574865/ when a contributors tried to amend another contributor's patch.

...and once someone found out the hidden magic behind this, an update to https://www.mediawiki.org/w/index.php?title=Gerrit%2FTutorial&type=revision&diff=3860177&oldid=3849345 will be required.

Ok, so Timo told us the magic: it's viral, anyone in the group can add someone else to the group. Is Gerrit Tutorial still the right place to document this? I'm happy to do that if you see no problems with it.

@Milimetric: Yay, thanks! Probably best to update https://www.mediawiki.org/wiki/Gerrit/Tutorial#Amending_a_change_.28your_own_or_someone_else.27s.29 which already mentions this task.

(done) I was about to close the task and then I realized @MarcoAurelio knew how the group works because the task description asks whether it's ok that it keeps working this way. My sense from the Tech Com conversation was that yes, it's ok. I can double check during the next session to see whether they knew this was now against policy, as the task description here points out. Anyone else have other opinions?