Page MenuHomePhabricator
Create Task
Maniphest T299839

Clarify whether members of ldap/nda should be added to #WMF-NDA
Open, MediumPublic
Actions

Description

@Dzahn wrote this a few days ago.

<mutante> there is a "when added to LDAP wmf you automatically also get Phab WMF-NDA" nowadays
<mutante> but maybe not the same for "nda", not the automatic part
<mutante> feel free to reopen that ticket to ask for phab nda

Basically this is the volunteer counterpart of T290605: When WMF staff requests to be added to ldap/wmf, also add their Phabricator account to #WMF-NDA.

Related Objects
Search...

Event Timeline

Zabe created this task.Jan 22 2022, 10:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2022, 10:27 PM
Volans added subscribers: KFrancis, MoritzMuehlenhoff, mark and 2 others.EditedJan 25 2022, 4:39 PM

Adding WMF-NDA-Requests, @mark, @faidon and @MoritzMuehlenhoff for SRE, Security and @KFrancis for feedback.

One thing to clarify is how we can ensure that the off-boarding process from this group will be performed when the NDA expires or is revoked.
Is that already covered by the offboarding script?

Ladsgroup triaged this task as Medium priority.Jan 31 2022, 8:34 AM
MoritzMuehlenhoff added a comment.Jan 31 2022, 9:43 AM
In T299839#7649515, @Volans wrote:

Adding WMF-NDA-Requests, @mark, @faidon and @MoritzMuehlenhoff for SRE, Security and @KFrancis for feedback.

One thing to clarify is how we can ensure that the off-boarding process from this group will be performed when the NDA expires or is revoked.
Is that already covered by the offboarding script?

Yes, that is covered by the offboarding script, the NDA group is Phabricator is a privileged group and "offboard -p" removes access to it (which gets run as part of offboarding in the part handled by SRE).

taavi subscribed.Jan 31 2022, 9:47 AM
In T299839#7649515, @Volans wrote:

One thing to clarify is how we can ensure that the off-boarding process from this group will be performed when the NDA expires or is revoked.

The nda ldap group (which this task is about) is explicitely for volunteers and not staff.

MoritzMuehlenhoff added a comment.Jan 31 2022, 10:13 AM
In T299839#7662797, @Majavah wrote:
In T299839#7649515, @Volans wrote:

One thing to clarify is how we can ensure that the off-boarding process from this group will be performed when the NDA expires or is revoked.

The nda ldap group (which this task is about) is explicitely for volunteers and not staff.

A large chunk of cn=nda members are researchers with time-limited access which do get tracked by the WMF offboarding process (an estimate is given until when the project will be completed and than access is extended or revoked as needed).

The volunteer NDA isn't time-limited, as such there's also no specific offboarding (except when people ask for their access to be removed or potentially if the access needs to be removed for other reasons (e.g. violation of terms of use)).

Ladsgroup subscribed.Feb 19 2022, 7:42 PM
MatthewVernon subscribed.Feb 21 2022, 2:09 PM

Does this still need WMF-NDA-Requests tagging in it? It means it appears in the Clinic Duty dashboard, which is probably not what we want?

Zabe added a comment.Feb 22 2022, 2:01 PM
In T299839#7725662, @MatthewVernon wrote:

Does this still need WMF-NDA-Requests tagging in it? It means it appears in the Clinic Duty dashboard, which is probably not what we want?

Not sure what the correct tags are, I copied them from T290605.

MatthewVernon removed a project: LDAP-Access-Requests.Feb 22 2022, 2:19 PM
Zabe added a comment.Sep 15 2022, 10:46 PM

It was now also implemented that members of ldap/wmde should be added to WMF-NDA, see https://wikitech.wikimedia.org/w/index.php?title=SRE/Clinic_Duty/Access_requests&diff=2012791&oldid=2012786.

jbond closed this task as Resolved.May 23 2023, 12:51 PM
jbond claimed this task.
jbond edited projects, added Infrastructure-Foundations; removed SRE.
jbond subscribed.
In T299839#8240987, @Zabe wrote:

It was now also implemented that members of ldap/wmde should be added to WMF-NDA, see https://wikitech.wikimedia.org/w/index.php?title=SRE/Clinic_Duty/Access_requests&diff=2012791&oldid=2012786.

going to close this task but please re-open if there is still an outstanding action

Dzahn added a comment.EditedMay 23 2023, 9:50 PM
In T299839#8873361, @jbond wrote:

going to close this task but please re-open if there is still an outstanding action

So what is the outcome? Should members of ldap/nda be added to WMF-NDA or not?

Dzahn reopened this task as Open.May 23 2023, 9:51 PM
jbond added a comment.May 24 2023, 9:59 AM
In T299839#8875020, @Dzahn wrote:
In T299839#8873361, @jbond wrote:

going to close this task but please re-open if there is still an outstanding action

So what is the outcome? Should members of ldap/nda be added to WMF-NDA or not?

Ahh sorry the diff is only about the wmde group. ill clarify and update

Dzahn added a comment.May 24 2023, 4:35 PM

Yea, basically the wmde things was given as an example, or further support argument. But I don't think we have resolved the original ticket yet. So thank you for that!:)

Dzahn mentioned this in T340572: Security Issue Access Request for RhinosF1.Jun 27 2023, 7:37 PM
Dzahn added a comment.Jun 27 2023, 7:43 PM

This is coming up again. Also see T338611#8969307

We would still benefit from this being clarified and resolved.

LSobanski subscribed.Jul 3 2023, 11:42 AM
Dzahn mentioned this in T341272: Volunteer NDA for RhinosF1.Jul 7 2023, 4:25 PM
Aklapper added a comment.Jul 7 2023, 5:34 PM

@jbond: How could we make some progress here and who could drive it as this issue is repeatedly biting us? (For the records, the "staff counterpart" of this task got resolved in T290605: When WMF staff requests to be added to ldap/wmf, also add their Phabricator account to #WMF-NDA.) Thanks in advance for any hints!

Aklapper mentioned this in T349595: Clarify if NDAs (to access #WMF-NDA protected Phab tasks) are on paper or in Legalpad's L2 or both.Oct 24 2023, 10:36 AM
jbond reassigned this task from jbond to MoritzMuehlenhoff.Nov 20 2023, 4:05 PM
Dzahn mentioned this in T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group.Feb 29 2024, 9:39 PM
Dzahn added a subtask: T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group.

This is basically the reason we got T358578.

Dzahn added a parent task: T349595: Clarify if NDAs (to access #WMF-NDA protected Phab tasks) are on paper or in Legalpad's L2 or both.Feb 29 2024, 9:41 PM
Dzahn changed the status of subtask T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group from Open to In Progress.Mar 1 2024, 8:43 PM
Tobi_WMDE_SW subscribed.Mar 5 2024, 2:50 PM
Dzahn changed the status of subtask T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group from In Progress to Open.Fri, Apr 19, 4:56 PM
Dzahn added a comment.Fri, Apr 19, 5:30 PM

over at T349595#9598075 the L2 document has been retired and it has now been made official that NDA requests should go through Legal directly and signing L2 in Legalpad is not part of that process anymore

WMDE-leszek closed subtask T358578: Add WMDE staff who have signed the NDA with the WMF to the WMF-NDA phabricator policy group as Resolved.Fri, Apr 19, 5:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL