Le 13/03/2016 03:09, Andreas Kolbe a écrit :
things like standard boilerplate language to be signed
> all employees doesn't strike me as
something in and of itself to be kept
> private - there is a valid interest in showing that our policies are
> fair and humane for employees, responsible in terms of the privacy of
> personal information, etc.
Nothing appears to have happened since then – we seem to be no nearer to
transparency about the non-disclosure agreements and non-disparagement
clauses WMF staff have to sign than we were two weeks ago, when discussion
around this topic kicked off in another thread.
This seems to be a recurring (and daunting) pattern. People call for
transparency about a particular issue. Eventually, someone in a leadership
position responds that yes, demands for transparency about this issue are
quite reasonable, and in fact more transparency would be absolutely
At this point, people relax, feeling they have been heard. The clamouring
crowd disperses. But in fact, nothing happens, and the same questions arise
again some weeks, months, years down the line.
Maggie, is this something your department could take on? It would be good
to have one identified person at the Foundation who is responsible for
tracking such queries and reporting back to the community, one way or the
I am a contractor to the WMF and have signed a wild range of legal
documents. Both to protect my company, myself, the Wikimedia Foundation
Organization and the end-users.
Among such documents, there is the Non Disclosure Agreement which is
pretty much standard whenever an organization deal with any kind of
sensitive informations. Wikimedia Foundation handles emails, passwords,
email address, IP address and most probably payment information for the
fundraising and shop.
To the best of my knowledge such agreements are not public, but honestly
there is no conspiracy behind that. There are public clues though:
Others at: https://meta.wikimedia.org/wiki/Legal#Policies
Volunteers (ie neither staff or contractors) might have to sign a NDA
whenever they get privileged access. The process is on:
What I suspect is granting public read access to the NDA would also
disclose the list of signer and that might be a problem for people using
a pseudonym. But do not quote me on that.
For access to the servers, there is another document. It is a mix of
technical recommendations and again a remember about sensitive data. An
example would be: https://www.debian.org/devel/dmup
The short version is: do not mess with the infrastructure or extract
sensitive informations. You will be prosecuted.
As for why you haven't had anyone reply back, a few hints:
* ED has changed
* folks are busy
* not everyone monitor wikimedia-l
So I would assume good faith: probably nobody noticed the request hidden
somewhere in a thread.
Since NDA is a legal document, I would highly recommend you to reach out
directly to their Legal team:
, apparently the answers@ email
would be a good entry point.
(I have read/signed the documents there is nothing any important for the
end users to see beside what is already publicly available. They can
probably be made public. In effect there is no conspiracy.)
Hope it helps.
Antoine "hashar" Musso