For search keyword access/research-->understand use cases of readers.
Yeah, the only way to get every site that works well is to actually share the password which is what I think is what would have to happen here if he wants all mobile sites. (which for the record he said he needed in an email with me before filing the task)
It's not the only way to share the master password, it's just tedious work to add a delegated user to every single project because the UI makes you do it one by one. The password file has this readme section where it says "In order to have individual accountability, *delegate* Google Webmaster Tools access", but yea, it's a lot of clicking.
Google account for Google Webmaster Tools Make sure you know what you're doing when using Google Webmaster Tools. In order to have individual accountability, *delegate* Google Webmaster Tools access from the firstname.lastname@example.org Google Webmaster Tools console to an @wikimedia.org Google Apps account, the person behind which is a WMF employee or agent under NDA. Use that delegated account to take Google Webmaster Tools actions on sites defined under the email@example.com Google Webmaster Tools profile. Define sites using the firstname.lastname@example.org account, but use the delegated account for taking other actions on the actual sites. Only WMF employees or those with an NDA may be delegated Google Webmaster Tools access from the email@example.com Google Webmaster Tools console. If you believe your account delegated Google Webmaster Tools access has been breached, contact ops immediately to have delegation revoked while you restore your access. Similar logic applies to a computer breach involving a computer that you use to login to @wikimedia.org Google Apps.
Yeah, which is why in the past I think that for anyone who actually needed them all we gave the password (at this point we have more then 1000 sites listed, so many in fact that yesterday we got an email saying they changed their policy and we can't add more until we delete more to get below 1000) though that has still been very rare, most just get a couple delegated sites.
I'm not against giving Jon that access (or or that matter having one or multiple of us sit there and share a bunch of the wikipedias) I just think we need to ensure that we have everything recorded for posterity.
if necessary yeah, I'm going to look through it at some point (maybe some night/over the weekend) because I have a stinking feeling there are a fair bit of duplicative "sites" listed (people listing a single page etc) that we can remove. Starting to do another one could be a bit of a pita because right now we are using some relatively universal verification methods.
Delegating any large (greater than a few hundred) number of sites is essentially unscalable (hours of error-prone clicking); and sharing the password to the root authority is undesirable.
Unless Jon can provide a limited subset of sites we can reasonably delegate by hand, the only realistic solution I see is to script something that will repeatedly poke at Google's web interface - which requires some dev time and testing. This becomes more obviously worthwhile if it is likely that other requests of the kind may occur in the future.
@JKatzWMF: What makes sense to you?
If it makes it easier, I would limit it to the following wikis: en.wikipedia, zh.wikipedia, de.wikipedia, es.wikipedia, fr.wikipedia, jp.wikipedia, commons.wikimedia, in desktop, mobile, and app. That's 21 total and hopefully doable.
I will mention, though, that seems a little arbitrary since I know other PM's have full access using root.
For better or worse it still seems like the best move right now is to give the password file to Jon given the bulk of wikis. We should, however, have a separate discussion about trying to make this process better and more secure without sharing the password for all mass users. Unless someone says stop I will share the password file securely with Jon Monday afternoon pacific.