Page MenuHomePhabricator

New "WMDE staff" user group for Wikidata
Closed, ResolvedPublic

Description

Per consensus on https://www.wikidata.org/wiki/Wikidata:Requests_for_comment/New_user_group_for_developers, a user group "WMDE staff" should be created for Wikidata.

  • User rights would be all those of administrators/bureaucrats; except the ability to add/remove users to/from user groups
  • Bureaucrats need the ability to add/remove users to/from this new group

Thanks,
SPQRobin


Version: wmf-deployment
Severity: enhancement

Details

Reference
bz72459

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 3:46 AM
bzimport set Reference to bz72459.
bzimport added a subscriber: Unknown Object (MLST).

I CC'd Lydia as I feel we can invalidate this bug by accessing whether the staff really still need access on their WMDE accounts.

I overlooked two things; my original comment should contain:

  • User rights would be all those of administrators/bureaucrats/translationadmins; except the ability to add/remove users to/from user groups (but they should be able to add/remove to/from their own user group)
  • Bureaucrats need the ability to add/remove users to/from this new group

gerritadmin wrote:

Change 168771 had a related patch set uploaded by Vogone:
Create new user group for WMDE staff at wikidatawiki

https://gerrit.wikimedia.org/r/168771

gerritadmin wrote:

Change 168988 had a related patch set uploaded by Vogone:
Add i18n for new 'wikidata-staff' user group

https://gerrit.wikimedia.org/r/168988

gerritadmin wrote:

Change 168988 merged by jenkins-bot:
Add i18n for new 'wikidata-staff' user group

https://gerrit.wikimedia.org/r/168988

gerritadmin wrote:

Change 168771 merged by jenkins-bot:
Create new user group for WMDE staff at wikidatawiki

https://gerrit.wikimedia.org/r/168771

I really dislike that it is named staff, which would imply that people who can not be contractually ordered to do something are excluded. And that the commit message indicates that it is organization centric, which would imply people not @wikimedia.de are excluded. IMHO the RFC got it right. (The RFC says neither do you need to be staff nor is it WMDE only.)

@jan: There is a small issue with that unfortunately. Users would need to be elected in this group if they are not WMDE staff because of a little policy WMF Legal have regarding access to deleted content. The broad 'developer' group would have been rejected without Legal's permission (which I do not believe they would give without an RfA-style process which defeats the purpose of this being an easy switch-on right).

That policy does not require being on staff, but an NDA on file with legal. One way to have that is via an employment contract with WMF. Another way is to be a volunteer that was asked to sign https://wikitech.wikimedia.org/wiki/File:Volunteer_Non-disclosure_Agreement_Template.pdf . So yes there is another requirement, so over all it would be developers with an NDA on file at WMF legal.

Not really. I have an NDA with Legal yet I will still require an RfA to view deleted revisions on Wikidata. An NDA is for the Foundation to manage legally how people have access to their information, not the communities information. Such as - viewing Oversighted information or CheckUser data requires identification which is a lot less than an NDA. The ideal of 'you need to have the community's trust or sign a legally binding agreement with us' seems a rather weird way to manage stuff.

Besides, as you can see in the comments of the RFC's, a significant part of the community voiced their opinion against this group being opened for non-staff (as opposed to what originally has been proposed). So "which would imply that people who can not be contractually ordered to do something are excluded" is true unless another community decision shows otherwise.

(In reply to John F. Lewis from comment #10)

The ideal of 'you
need to have the community's trust or sign a legally binding agreement with
us' seems a rather weird way to manage stuff.

That is not at all how it is nor what I want it to to be. One for sure needs to be trusted to get access to non-public data. Even more so for system level access instead of on wiki. That trust is just assessed in a different process instead of an RfA. The NDA is an additional requirement, not a sufficient one.

(In reply to Vogone from comment #11)

Besides, as you can see in the comments of the RFC's, a significant part of
the community voiced their opinion against this group being opened for
non-staff (as opposed to what originally has been proposed). So "which would
imply that people who can not be contractually ordered to do something are
excluded" is true unless another community decision shows otherwise.

You are right. I should have read the actual summary instead of only the request.

And I agree with the concerns that it should be more restricted than just any developer. I was more thinking of people who already have system level access on production e.g. for doing deployments, debugging, etc. .