Page MenuHomePhabricator

Post-TechCom Gerrit privilege handout workflow
Open, MediumPublic

Description

Now that TechCom is being "obsoleted" and a future concept is being drafted, Developer-Advocacy may want to take a look at the process of granting and revoking Gerrit merge permissions.

Summary of my current understanding:

Event Timeline

Aklapper triaged this task as Medium priority.Jan 28 2021, 9:25 AM
Aklapper created this task.

Also wondering who to review/discuss/perform actions like adding repos to a group (see T273927) in the future...

  • We need someone on the team to join the Gerrit admin group (?) to be able to hand out +2.
  • We need to update the docs on-wiki.
  • Optional: Review criteria to get +2, e.g. non-trivial contributions.
  • When does our scope end? See previous comment.

Update:
As the Wikimedia Technical Committee (TechCom) has been superseded by the Technical Decision Forum, the Developer Advocacy team now owns the process of handling Gerrit+2 permissions.

In a recent meeting the Developer-Advocacy team discussed whether some team members should become members of the Gerrit admin group solely to hand out +2 in case of successful proposals/applications. We decided that it's against the principle of least privilege.

We had a quick sync with Tyler of WMF's Release-Engineering-Team. To paraphrase: Proposal is to (continue to) use the Gerrit-Privilege-Requests workboard which has some Gerrit admins watching it, and to tag both Release-Engineering-Team and Gerrit-Privilege-Requests on such requests.
The current shared "SLA" understanding is that we'd like to handle positive proposals within approximately two weeks.

Developer-Advocacy will have to more closely monitor tasks on that board, and regularly discuss and follow up on open +2 proposals.
It would also be up to Developer-Advocacy to reach out for further input on +2 proposals.

Update:
As the Wikimedia Technical Committee (TechCom) has been superseded by the Technical Decision Forum, the Developer Advocacy team now owns the process of handling Gerrit+2 permissions.

...decided by who?

Hey @Legoktm Not all of TechCom’s former responsibilities - or perceived responsibilities - are routed through the new Tech Decision Forum. One of these is the Gerrit Privilege Policy. Those types of decisions are listed in the technical decision type matrix, along side with new responsible parties. “Ownership” means that the team is responsible for ensuring process continuity for Gerrit Privilege requests in the post TechCom world, and to step into TechCom’s former role where required. Handling privilege requests is in most of the cases a self-running system supported by many - Gerrit Privilege policy applies. This ticket explores what needs to be done to make sure the process always works - I.e. in cases where there is not enough input, or not a clear outcome, or when no one acts on a positive decision (which I’d assume, is seldom the case, but we should plan for it regardless). The other aspect that needs discussion is which process we should establish for making changes to the Gerrit Privilege Policy in the future.

Those types of decisions are listed in the technical decision type matrix, along side with new responsible parties. “Ownership” means that the team is responsible for ensuring process continuity for Gerrit Privilege requests in the post TechCom world, and to step into TechCom’s former role where required.

Thanks for clarifying, I had read that part and thought it was examples ("Below are typical decisions from the existing RFC process..."), not explaining who the new owners are.

Brought up in Developer-Advocacy team meetings, but we have not made progress so far, mostly due to capacity reasons. :(

The lack of progress in this task blocks slows down development work, see e.g. T286084.