Page MenuHomePhabricator
Create Task
Maniphest T364516

Look for ways to consolidate "we trust this human" access lists
Open, Needs TriagePublicFeature
Actions

Description

Many developer experience connected systems use allow lists to grant rights to trusted technical contributors. Generally these allow lists are needed to limit the harm caused by unknown users in systems which do not have the sort of deeply integrated mechanisms for cleaning up vandalism that MediaWiki provides. Even in MediaWiki we often use things like autoconfirmed status as a floor to establish trust and allow some actions.

A growing problem for onboarding and reducing friction experienced by new technical contributors is the number and diversity of such allow lists. In a more ideal world we would have a single source of truth for establishing trust rather than a unique list for each service.

Known allow lists:

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT142815 Enhance account handling (meta bug)
 OpenFeatureNoneT364516 Look for ways to consolidate "we trust this human" access lists

Event Timeline

bd808 created this task.May 8 2024, 9:24 PM
bd808 changed the subtype of this task from "Task" to "Feature Request".
bd808 added a comment.May 8 2024, 9:29 PM

The Developer account <-> SUL user mappings that Bitu is now maintaining in LDAP are likely to be of help with this project. Striker has a legacy feature that needs to be updated to also use LDAP for storage (T148048: Store Wikimedia unified account name (SUL) in LDAP directory). A third source of these mappings is right here in Phabricator where a given account can be linked to either a SUL account, a Developer account, or both.

bd808 added a comment.May 8 2024, 9:31 PM

Tool-gitlab-account-approval is attempting to leverage existing allow lists from Gerrit, Phabricator, and Toolforge to establish trust in GitLab. My involvement with that project is part of why I started thinking about this general issue and its complexities.

Peachey88 subscribed.May 8 2024, 9:33 PM
Pppery subscribed.May 9 2024, 1:44 AM
Chlod subscribed.May 9 2024, 2:45 AM
brennen subscribed.May 9 2024, 3:37 AM
hashar removed projects: Continuous-Integration-Config, Gerrit.May 15 2024, 8:13 AM
hashar subscribed.

I am removing Gerrit and Continuous-Integration-Config since this task is not immediate actionable for any of those projects and that requires preliminary work above those specific projects.

bd808 added a comment.May 15 2024, 8:32 PM
In T364516#9798495, @hashar wrote:

I am removing Gerrit and Continuous-Integration-Config since this task is not immediate actionable for any of those projects and that requires preliminary work above those specific projects.

The task is not immediately actionable to any single system that currently maintains a trusted user list. Where should we park it to actually get a chance of being triaged by a team and assigned so resources someday?

brennen moved this task from Inbox to Auth & Access on the GitLab board.Jun 26 2024, 8:36 PM
brennen edited projects, added GitLab (Auth & Access); removed GitLab.
Nemoralis subscribed.Aug 29 2024, 9:10 PM
Aklapper moved this task from To Triage to External on the Phabricator board.Tue, Dec 17, 2:27 PM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptTue, Dec 17, 2:27 PM
hashar unsubscribed.Tue, Dec 17, 2:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits