Page MenuHomePhabricator

Off-board from Release Engineering
Closed, ResolvedPublic

Description

I used to be in Release-Engineering-Team. I still have privileges that I don't need. For security reasons, privileges that I don't use should be removed.

@zeljkofilipin

@thcipriani

  • WMCS:
    • deployment-prep
    • integration
  • Phabricator admin
    • security tasks
    • RelEng ACL Groups
  • team drive
  • gpg

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptNov 5 2020, 11:43 AM

@thcipriani do you have time to talk about this next week? Feel free to schedule a meeting during my Tuesday and Friday out-of-office event in my calendar.

zeljkofilipin updated the task description. (Show Details)
zeljkofilipin updated the task description. (Show Details)
zeljkofilipin updated the task description. (Show Details)

@zeljkofilipin I added some WMCS checkboxes for you. I can't remove you from some of those projects since I'm not a part of those projects. If you login to https://horizon.wikimedia.org is there a "leave" button or similar? Maybe there are docs for that one wikitech.

Change 661150 had a related patch set uploaded (by Thcipriani; owner: Thcipriani):
[operations/puppet@production] Offboard zfilipin from Release Engineering

https://gerrit.wikimedia.org/r/661150

Change 661150 merged by Muehlenhoff:
[operations/puppet@production] Offboard zfilipin from Release Engineering

https://gerrit.wikimedia.org/r/661150

  • tools ( I think this is for toolforge/you don't want to be removed)

@zeljkofilipin can you confirm here that you do want to have your membership in Toolforge revoked? I saw your email stating you had self-removed from being a maintainer of any existing tools. Removing you from the project entirely can be done by myself or another Toolforge project admin. Its honestly not something that is very commonly done, but we can do it if you are pretty sure that you will never want to contribute to Toolforge in the future.

@bd808 I don't think I've ever used toolforge so far. I think it's safe to say I'm unlikely to use it in the near future. If I need to use it in the future, I guess I could always ask to be added back, right? ๐Ÿ˜…

I thought it would be better to remove myself from tools that I don't use, but I don't care either way. If you think it's safe to keep me in the project, we can do that.

@bd808 I don't think I've ever used toolforge so far. I think it's safe to say I'm unlikely to use it in the near future. If I need to use it in the future, I guess I could always ask to be added back, right? ๐Ÿ˜…

I thought it would be better to remove myself from tools that I don't use, but I don't care either way. If you think it's safe to keep me in the project, we can do that.

Your bash history on Toolforge makes it look like you only ever used the account a few times to interact with jouncebot. I'll remove you from the project, and as you said you can always rejoin in the future.

Mentioned in SAL (#wikimedia-cloud) [2021-02-24T18:30:23Z] <bd808> sudo wmcs-openstack role remove --user zfilipin --project tools user T267313

Mentioned in SAL (#wikimedia-cloud) [2021-02-24T18:32:10Z] <bd808> sudo wmcs-openstack role remove --user zfilipin --project bastion user T267313

@thcipriani as far as I can see, the only thing left is me being a phabricator admin and my access to security tasks.

There's Remove Administrator option at my user page. Should I just try that? (I'm not sure if anything could go wrong.)

@thcipriani the second thing, security tasks, I don't even know where to start. I'm a member of several projects that have security in name. Do you know which ones should I leave?

While looking at the projects, I'm listed as a member in several releng milestones (example: CI & Testing services) but when I try to remove myself from members, I'm not a member. ๐Ÿคทโ€โ™‚๏ธ

@thcipriani the second thing, security tasks, I don't even know where to start. I'm a member of several projects that have security in name. Do you know which ones should I leave?

My memory is that this is the project: https://phabricator.wikimedia.org/project/view/30/

As part of onboarding we follow: https://www.mediawiki.org/wiki/Security/SOP/Access_to_Phabricator_Security_Issues not sure about offboarding. Maybe a subtask of this task with the security team would be the safest path/ensure you get removed completely.

While looking at the projects, I'm listed as a member in several releng milestones (example: CI & Testing services) but when I try to remove myself from members, I'm not a member. ๐Ÿคทโ€โ™‚๏ธ

Yeah...I suspected you must be a member of the parent project, but that doesn't seem to be the case either. @mmodell might know on that one(?).

@zeljkofilipin: Huh, I don't see you listed as a member on https://phabricator.wikimedia.org/project/members/4117/ ? Can you clarify where (URL) you are? (In general, Milestones cannot specify members. Instead, the members of its parent project are treated as being its members. [1])

@zeljkofilipin: Huh, I don't see you listed as a member on https://phabricator.wikimedia.org/project/members/4117/ ? Can you clarify where (URL) you are? (In general, Milestones cannot specify members. Instead, the members of its parent project are treated as being its members. [1])

  • I'm a "member" in many milestones, but I don't know why

It is showing milestones of projects you are a member of, eg RET then the deployment services milestone.

  • I'm a "member" in many milestones, but I don't know why

It's currently not possible to remove you from these groups, see T261642

It is showing milestones of projects you are a member of, eg RET then the deployment services milestone.

I'm not a member of either of those projects.

It's currently not possible to remove you from these groups, see T261642

Thanks!

There's Remove Administrator option at my user page. Should I just try that? (I'm not sure if anything could go wrong.)

@thcipriani I think removing myself from Phabricator administrators is the last thing to do. Should I just remove myself?

thcipriani updated the task description. (Show Details)

@thcipriani I think removing myself from Phabricator administrators is the last thing to do. Should I just remove myself?

I removed you. I think that means you've successfully shed all your Release-Engineering-Team powers. Declaring victory!