
Requesting access to releaser for MarkAHershberger
Closed, Resolved | Public | Security

Description

Requestor provided information and prerequisites

  • Wikitech username: MarkAHershberger
  • Email address: mah@nichework.com
  • SSH public key: AAAAC3NzaC1lZDI1NTE5AAAAIDxsWf0h3IWL8we3b2WynSYIn4xJMu+tP1/e4GHxVnGf
  • Requested group membership: releasers-mediawiki
  • Reason for access: To upload tarballs for release
  • Name of approving party: @thcipriani
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: done
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml
  • note: this relates to ongoing task T293323

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Risk Rating: Informational
Author Affiliation: Wikimedia Communities

Event Timeline

I think this is awaiting the resolution of T293323 also?

I don't think it is. That's just a regular access request. One person per ticket though, please.

edit: nevermind, it looks like it is indeed related. based on T293323#7724763

Dzahn changed the task status from Open to Stalled. Feb 22 2022, 4:41 PM

> I don't think it is. That's just a regular access request. One person per ticket though, please.

I thought I had removed all references to mglaser. Fixing.

MarkAHershberger renamed this task from Requesting access to releaser for MarkAHershberger, Mglaser+ to Requesting access to releaser for MarkAHershberger. Feb 22 2022, 8:33 PM
jbond triaged this task as Medium priority. Mar 21 2022, 11:33 AM

@KFrancis are you able to confirm NDA status for Mark? I don't see them in the spreadsheet, thanks

@thcipriani would you be the correct person to act as the group approver?

@Jdforrester-WMF or @CCicalese_WMF are you able to confirm if/when we should action this ticket considering the discussion in T293323

@jbond It doesn't look like we have one on file. @MarkAHershberger Thanks for providing your email address. In order to process this request, I will also need your mailing address. Please send that information to kfrancis@wikimedia.org. Thanks!

jbond raised the priority of this task from Medium to Needs Triage. Mar 21 2022, 5:45 PM
jbond set Security to Software security bug.
jbond added projects: Security, Security-Team.
jbond changed the visibility from "Public (No Login Required)" to "Custom Policy".
jbond changed the subtype of this task from "Administrative Request" to "Security Issue".

i have protected this due to address disclosure

@MarkAHershberger i made this into a security task as i noticed you posted your address (although tyler has already removed it) and forwarded a copy to kate

jbond triaged this task as Medium priority. Mar 21 2022, 5:48 PM
jbond removed a project: Security-Team.

> i have protected this due to address disclosure

The comment has been removed, so I guess this can be made public again?

>> i have protected this due to address disclosure
>
> The comment has been removed, so I guess this can be made public again?

unfortunately i don't have the privileges to do that perhaps @Aklapper can help

sbassett changed Author Affiliation from N/A to Wikimedia Communities. Mar 21 2022, 6:35 PM
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed Risk Rating from N/A to Informational.

Thanks for handling this so quickly. I thought I had opened an email to Katie and was replying to it.

Thanks @jbond and @MarkAHershberger. The NDA agreement has been sent to you for signature via DocuSign.

@jbond I am confirming the signed NDA. Please proceed with the access request. Thanks!

> @jbond I am confirming the signed NDA. Please proceed with the access request. Thanks!

thanks :)

@MarkAHershberger as a volunteer these requests need a WMF employee sponsor to vouch for you, are you able to arrange for someone to comment on this ticket? Other than that I would just need approval from @thcipriani and clarity on how to proceed regarding T293323

>> @jbond I am confirming the signed NDA. Please proceed with the access request. Thanks!
>
> thanks :)
>
> @MarkAHershberger as a volunteer these requests need a WMF employee sponsor to vouch for you, are you able to arrange for someone to comment on this ticket? Other than that I would just need approval from @thcipriani and clarity on how to proceed regarding T293323

Approved from my side. We won't be completely transitioning releases in the immediate future, but @MarkAHershberger will need access to ramp up on the process.

Dzahn changed the task status from Stalled to In Progress. Mar 25 2022, 12:03 AM

Change 773660 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: reactivate account for Mark Hershberger, add to Mediawiki releasers

https://gerrit.wikimedia.org/r/773660

Change 773660 merged by Dzahn:

[operations/puppet@production] admin: reactivate account for Mark Hershberger, add to Mediawiki releasers

https://gerrit.wikimedia.org/r/773660

[releases1002:~] $ id mah
uid=1232(mah) gid=500(wikidev) groups=500(wikidev),711(releasers-mediawiki)

[releases2002:~] $ id mah
uid=1232(mah) gid=500(wikidev) groups=500(wikidev),711(releasers-mediawiki)

Dzahn updated the task description.
herron updated the task description.
herron subscribed.

Resolving as the near-term access requested in the description has been provisioned, please reopen if any follow up is needed. Thanks!