I support this access request, and will be happy to provide assistance to @TheresNoTime if needed. 👍

I also support this request, TNT had production access before and trusted and has been instrumental in lot of work in incidents and any area possible. So much <3 for her.

Are there Gerrit patches that this search doesn't pick up? No issue from me on trust or competence, but I think people should have some more MediaWiki dev experience before doing deployments.

In T302231#7727015, @Legoktm wrote:

Are there Gerrit patches that this search doesn't pick up? No issue from me on trust or competence, but I think people should have some more MediaWiki dev experience before doing deployments.

Unfortunately, I have to second Legoktm here. @TheresNoTime is helpful and trusted (hopefully, soon to be a WM steward again), but her profile isn't what I'm generally looking for in new deployers.

In addition to that, in general, I'm not a fond of granting additional access (especially as high as deployment) based on a single incident.

her profile isn't what I'm generally looking for in new deployers.

Well, I think we should be more inclusive in our deployers, not every deployer need to have a deep knowledge of ins and outs of MediaWiki. Specially not at first.

I'm not a fond of granting additional access (especially as high as deployment) based on a single incident.

I'm not sure I follow, it's not based on one single incident, it was a useful indicator that this should have been done sooner but not the reason to get access.

In T302231#7729155, @Ladsgroup wrote:

her profile isn't what I'm generally looking for in new deployers.

Well, I think we should be more inclusive in our deployers, not every deployer need to have a deep knowledge of ins and outs of MediaWiki. Specially not at first.

I'm not looking for a deep knowledge, but as my personal opinion, I don't think deployment should be one of the first things one starts to do.

I'm not a fond of granting additional access (especially as high as deployment) based on a single incident.

I'm not sure I follow, it's not based on one single incident, it was a useful indicator that this should have been done sooner but not the reason to get access.

I might be missing something, but in the task description, only T302047 is listed as a "deployment access would be useful for me here".

In T302231#7729265, @Urbanecm wrote:

In T302231#7729155, @Ladsgroup wrote:

Well, I think we should be more inclusive in our deployers, not every deployer need to have a deep knowledge of ins and outs of MediaWiki. Specially not at first.

I'm not looking for a deep knowledge, but as my personal opinion, I don't think deployment should be one of the first things one starts to do.

I agree with both of you. I would like to see TNT become a deployer! Maybe @thcipriani has a list of what they go over in training and what RelEng's expectations are, but I would expect deployers to be MW contributors who have submitted a few substantial patches. I think it's good to be able to eyeball a patch before deploying it and have some sense of how risky it might be, or being able to interpret an error message when something does go wrong, and have an idea of what the impact is like and what action should be taken in response. Knowing the various MW subsystems and how they interact helps with all of that, and the easiest way to demonstrate that knowledge is generally through Gerrit patches IMO (I am assuming, based on the patches I linked earlier, that it's not there yet, which I am very happy to be wrong about). I hope that's not too high of a bar, and think it is reachable within a month or two. I'm happy to suggest some tasks for TNT to work on and mentor+review those patches (with the caveat that I'm busy IRL for the next two weeks) if she's interested :-).

Hey all, sorry for the delay, I tested positive for COVID on Sunday and its been a little rough! Thank you all for the comments—I absolutely respect and appreciate those which put the safety and security of the project above any personal familiarity of who I am & my competencies. We owe it to the project to vet those who apply. I am happy to work with whomever, and for as long as necessary, to ensure my knowledge and experience is at the level the team expects 🙂

Perhaps this task can be "stalled" until such a time?

Specifically in the case of T302047, I would prefer that active contributors on primarily single Wikipedias not be deploying those patches. For example, and without getting into the details of the mitigation here, I think English Wikipedia has certain philosophical beliefs that are not shared throughout the Wikimedia projects, and while sometimes restrictions will have to be implemented to ensure for service/reliability reasons, they should be proportionate and the minimum necessary to deal with the threat. At times the IRC discussion involved suggestion of options that were either too extreme, too soon, or not the minimum necessary to mitigate the emergency issue. I think having detached deployers (IIRC one of which said they were mostly a backend person and not focused on the onwiki-side) who looked at the proposals and offered the feeling of space for anyone to raise objections before deployment, operating quickly but cautiously, was the best approach in that situation.

In T302231#7730446, @Legoktm wrote:

In T302231#7729265, @Urbanecm wrote:

In T302231#7729155, @Ladsgroup wrote:

Well, I think we should be more inclusive in our deployers, not every deployer need to have a deep knowledge of ins and outs of MediaWiki. Specially not at first.

I'm not looking for a deep knowledge, but as my personal opinion, I don't think deployment should be one of the first things one starts to do.

I agree with both of you. I would like to see TNT become a deployer! Maybe @thcipriani has a list of what they go over in training and what RelEng's expectations are, but I would expect deployers to be MW contributors who have submitted a few substantial patches. I think it's good to be able to eyeball a patch before deploying it and have some sense of how risky it might be, or being able to interpret an error message when something does go wrong, and have an idea of what the impact is like and what action should be taken in response. Knowing the various MW subsystems and how they interact helps with all of that, and the easiest way to demonstrate that knowledge is generally through Gerrit patches IMO (I am assuming, based on the patches I linked earlier, that it's not there yet, which I am very happy to be wrong about). I hope that's not too high of a bar, and think it is reachable within a month or two. I'm happy to suggest some tasks for TNT to work on and mentor+review those patches (with the caveat that I'm busy IRL for the next two weeks) if she's interested :-).

We do maintain a list of Backport team member roles, responsibilities, and tips

It's undoubtedly helpful to have submitted a few substantial patches, but, as it says on the page linked above, "Experience with MediaWiki and MediaWiki config changes a plus as that is the vast majority of changes that come through the backport process" is really the main thing.

@TheresNoTime one good way to gain experience with backports is through Deployment training — check it out if you have time!

Thank you 🙂 I'll see how T305191 goes!

I'm temporarily removing the SRE-Access-Requests tag, so that this doesn't shop up on our Clinic Duty workboard. When this is good to move forward, please simply re-add it.

Change 806391 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/puppet@production] Admin: grant samtar access to deployment

https://gerrit.wikimedia.org/r/806391

Change 806391 merged by Slyngshede:

[operations/puppet@production] Admin: grant samtar access to deployment

https://gerrit.wikimedia.org/r/806391

Just adding my very late support to this, @TheresNoTime has been doing great MW work lately :)