Hello, So what is the process for adding people to +2 on gerrit repos im the primary maintainer of (for example my ZppixBot toolforge gerrit repo) -- Devin “Zppix” CCENT Volunteer Wikimedia Developer Africa Wikimedia Developers Member and Mentor Volunteer Mozilla Support Team Member (SUMO) Quora.com Partner Program Member enwp.org/User:Zppix **Note: I do not work for Wikimedia Foundation, or any of its chapters. I also do not work for Mozilla, or any of its projects. **

On Wed, Mar 13, 2019 at 5:33 PM Tim Starling <tstarling(a)wikimedia.org> wrote: Does the policy apply to Toolforge tools at all? The current text says "For extensions (and other projects) not deployed to the Wikimedia cluster, the code review policy is up to the maintainer or author of the extension." I'd assume that by extension managing +2 permissions is also up to them (although this is not explicitly stated, might be worth clarifying).

On Sat, 16 Mar 2019 at 03:01, Tim Starling <tstarling(a)wikimedia.org> wrote: I feel that this policy, although well-meaning, and a step forwards for MediaWiki and other WMF-production software, is unreasonably being applied as a 'one-size-fits-all' solution to situations where it doesn't make sense. Two examples where the policy does not fit the Toolforge situation: 1. According to the policy, self-+2'ing is grounds for revocation of Gerrit privileges. For a Toolforge tool, self +2-ing is common and expected: the repository is hosted on Gerrit to allow for CI and to make contributions from others easier, not necessarily for the code review features. 2. Giving someone +2 access to a repository now needs to pass through an extended process with checks and balances. At the same time, I can *directly and immediately give someone deployment access to the tool.* Effectively, this policy forces me to move any tool repositories off Gerrit and onto GitHub: time and effort better spent otherwise. Merlijn

On 2019-03-16 14:48, Merlijn van Deen (valhallasw) wrote: The policy calls out this case as acceptable: "For extensions (and other projects) not deployed to the Wikimedia cluster, the code review policy is up to the maintainer or author of the extension. Some non-Wikimedia extensions follow Wikimedia's policy of prohibiting self-merges, but there is no requirement of that. If you are the only person writing the extension and have nobody to review your change, or if the extension is abandoned, it is acceptable to self-merge your changes." -- Bartosz Dziewoński

So your basically telling me, I can’t decide who gets the power to +2 on for example a toolforge tool I actively am the primary maintainer of? Instead it has to be requested. I do not disagree with a lot of the changes to technical policies, but with this change it seems to restrict ability to scale projects. I also do believe that this change should of be taken under RfC or some sort of consensus-gaining measure. I respect the intentions, but I absolutely think the change needs reverted then voted on by the technical community. -- Devin “Zppix” CCENT Volunteer Wikimedia Developer Africa Wikimedia Developers Member and Mentor Volunteer Mozilla Support Team Member (SUMO) Quora.com Partner Program Member enwp.org/User:Zppix **Note: I do not work for Wikimedia Foundation, or any of its chapters. I also do not work for Mozilla, or any of its projects. **

Andre, from what im gathering from this thread thats not what I understand, so i redact the part of my last email about toolforge, however my point on this policy change should of been put to a community vote/consensus is valid. -- Devin “Zppix” CCENT Volunteer Wikimedia Developer Africa Wikimedia Developers Member and Mentor Volunteer Mozilla Support Team Member (SUMO) Quora.com Partner Program Member enwp.org/User:Zppix **Note: I do not work for Wikimedia Foundation, or any of its chapters. I also do not work for Mozilla, or any of its projects. **

I just want to point out that this wasn't "handed down by a CTO", it was a RFC [1] that and was open for discussion to everyone and was discussed extensively (and the RFC changed because of these discussions, look at the history of the page), then had an IRC meeting that was also open to everyone, then had a "last call" period for raising any objections which was open to everyone too. That passed with no objection being raised and then it also got approved by the CTO. I might be wrong, but if I understand the structure of TechCom correctly (correct me if I'm wrong), it's open and transparent, the CTO can veto changes (which hasn't happened so far), but it's not like a CTO would just implement a new policy without discussion. This process is more open and transparent than most companies and non-profits. [1]: https://phabricator.wikimedia.org/T216295 Best On Sat, Mar 16, 2019 at 9:22 PM Yuri Astrakhan <yuriastrakhan(a)gmail.com> wrote: -- Amir

Hello, Would <https://www.mediawiki.org/wiki/Topic:Uvuzn1y39ik2f7ko> still be acceptable? Creating repos also involve self-merging stuff (.gitreview files mostly; also sometimes importing from GitHub). Best regards, M.

Am 16.03.19 um 18:40 schrieb Zppix: The relevant part of the policy reads: | If there is a consensus of trusted developers on the Phabricator task, any of | the Gerrit administrators can resolve the request. The task must remain open | for at least a week, to allow interested developers to comment. Additional | time should be allowed if the request is open during travel or holiday | periods. So, if you are the one trusted developer on the project, and nobody else cares, +2 will generally be given after a week. The rationale for requiring a request instead of allowing the owners of git repos to gran permissions themselves is two-fold: 1) limiting the impact of compromised volunteer accounts. A compromised account that can give +2 rights is more problematic than a compromised account that has +2 rights. It's much easier for WMF to ensure the security of staff accounts. 2) allowing the developer community to raise objections against individuals they have had bad experiences with in the past. The person asking you for +2 rights may seem nice enough to you, but giving others an opportunity to chime in seems prudent. Both are potential issues for granting maintainer rights on a toolforge project as well. And perhaps the policy for that should also be revised - perhaps there should be a distinction between "high impact" and "regular" tools. But that is beyond the scope of this policy, and this discussion. That would be the case if the above requests were not handled in a timely manner. If this should be the case, please complain loudly so we can fix it. Or do you think one week is an unreasonably long time? It did go though the RFC process, including an IRC discussion and a last call period. Do you have a suggestion for how and where we could have publicized this more, to gather more feedback? -- Daniel Kinzler Principal Software Engineer, Core Platform Wikimedia Foundation

On Sat, 2019-03-16 at 12:59 +1100, Tim Starling wrote: Thanks! I've updated its Phab project description to explain where to go instead now, in case there are lingering links out there. andre -- Andre Klapper | Bugwrangler / Developer Advocate https://blogs.gnome.org/aklapper/