For anyone unaware, in 2014 I created a bot task to maintain a page on Meta[1] showing the special Wikimedia Projects rights being allocated to WMF employees and contractors, without following normal community processes. The bot mirrors data from a Google Spreadsheet maintained by the WMF. Back in 2014, this was praised as a positive move forward by the WMF in applying our joint commitment to transparency.
Unfortunately the spreadsheet appeared to drop off the radar last year and fell into disuse, only being updated after public complaint. The spreadsheet has not been updated since November 2015 (over six months ago), includes staff who have now left and presumably excludes several recent changes to employee rights.
Could the WMF please make a positive policy decision to ensure the open publication of special project rights for its employees becomes a required part of the procedure, and business as normal? Failing this, if rights are to continue to be allocated behind closed doors, with some rights being allocated for just a few days at a time so never appearing on this spreadsheet, can the rationale for managing project rights this way please be explained to the wider community so that we might be allowed the opportunity to ask basic questions?
Links 1. https://meta.wikimedia.org/wiki/WMF_Advanced_Permissions
Thanks, Fae
All WMF staff accounts are now required to have "WMF" in their username, so it's pretty obvious which accounts have rights for work purposes. Given this, is that list of advanced permissions still necessary?
Disclosure: I personally think it would be easier for all WMF staff to be put into one or two usergroups, rather than the variety of groups existing now and some access to non-staff rights on top of that.
Adrian Raddatz
On Fri, Jun 3, 2016 at 6:40 AM, Fæ faewik@gmail.com wrote:
For anyone unaware, in 2014 I created a bot task to maintain a page on Meta[1] showing the special Wikimedia Projects rights being allocated to WMF employees and contractors, without following normal community processes. The bot mirrors data from a Google Spreadsheet maintained by the WMF. Back in 2014, this was praised as a positive move forward by the WMF in applying our joint commitment to transparency.
Unfortunately the spreadsheet appeared to drop off the radar last year and fell into disuse, only being updated after public complaint. The spreadsheet has not been updated since November 2015 (over six months ago), includes staff who have now left and presumably excludes several recent changes to employee rights.
Could the WMF please make a positive policy decision to ensure the open publication of special project rights for its employees becomes a required part of the procedure, and business as normal? Failing this, if rights are to continue to be allocated behind closed doors, with some rights being allocated for just a few days at a time so never appearing on this spreadsheet, can the rationale for managing project rights this way please be explained to the wider community so that we might be allowed the opportunity to ask basic questions?
Links
Thanks, Fae -- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
---------- Forwarded message ---------- From: Fæ faewik@gmail.com Date: 25 September 2015 at 08:52 Subject: Re: [Wikimedia-l] WMF Advanced Permissions To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org
On 25 September 2015 at 05:46, James Alexander jalexander@wikimedia.org wrote:
Hey Fae,
As you know that I'm responsible for the spreadsheet that your bot is
copying to make that spreadsheet (since you're one of the ones who asked me to make the process more transparent) I would have really appreciated a more private email before this public one. That said, yes there have both been some changes on the private versions of the sheet that caused the public version to break as well as very few actual rights changes which means I haven't been looking at it often. Because of a back log of issues within my Trust and Safety work I haven't been able to fully find the time to fix and update everything but I actually have time set aside on my calendar on Monday to do that :).
Sent from my iPhone
James Alexander Legal and Community Advocacy Wikimedia Foundation +1 415-839-6885 x6716
Thanks for your commitment to get this up to date.
Had my question been about the performance of a named employee, I would have sent a private email out of courtesy. This was a simple non-critical question about WMF transparency, following on from an original open discussion a long time ago on this list. This makes this list the best open place to raise the question.
I feel that it is ethical to all encourage volunteers to feel free to ask questions about WMF transparency in the open. It would be a positive and ethical approach to take. Making it appear that a volunteer has done something wrong when they try to do so is not a healthy direction to go in.
Thanks, Fae
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Fri, Jun 3, 2016 at 5:40 AM, Fæ faewik@gmail.com wrote:
For anyone unaware, in 2014 I created a bot task to maintain a page on Meta[1] showing the special Wikimedia Projects rights being allocated to WMF employees and contractors, without following normal community processes. The bot mirrors data from a Google Spreadsheet maintained by the WMF. Back in 2014, this was praised as a positive move forward by the WMF in applying our joint commitment to transparency.
Unfortunately the spreadsheet appeared to drop off the radar last year and fell into disuse, only being updated after public complaint. The spreadsheet has not been updated since November 2015 (over six months ago), includes staff who have now left and presumably excludes several recent changes to employee rights.
While the recording is still being done it's clear the mirroring broke. I'll go make sure it's up to date and mirrored correctly so that can be updated over the course of today.
Could the WMF please make a positive policy decision to ensure the open publication of special project rights for its employees becomes a required part of the procedure, and business as normal?
This quarter we've been putting together a more organized policy on our staff rights so that they can be expanded to allow for rights to be granted by someone other then just me which is an obvious bus factor and encourages transparency and openness to slip through the cracks in favor of efficiency and speed. That said we have certainly not been making any direct attempt to hide changes or be less transparent about it.
Recently, for example, we created a meta specific 'local' right for the Support and Safety team https://meta.wikimedia.org/wiki/Meta:WMF_Support_and_Safety (creating that page before it was launched) which was a direct response to Steward requests (and others) to ensure we had global actions such as account locks, global blocks, user rights changes etc centralized on meta rather then spread out over 900+ wikis where there was no oversight from volunteers for those actions. It also allowed us to remove all of those rights from the global 'staff' right because others there didn't need them. (which leads to below)
Failing this,
if rights are to continue to be allocated behind closed doors, with some rights being allocated for just a few days at a time so never appearing on this spreadsheet, can the rationale for managing project rights this way please be explained to the wider community so that we might be allowed the opportunity to ask basic questions.
In general our goal is to ensure staff have the rights they need to do their job (whether that's testing a bug, carrying out office actions and legal process, protecting setting up grant processes and fundraising banners or something more unique). We also strive to reduce the attack vector as much as possible, as much as possible staff shouldn't have rights they 'don't' need to do their job and they shouldn't have rights much longer then they actually need them. Because of this I think short term rights (and occasionally unique rights) are useful tools to ensure that staff can do their job while remaining with as little access as possible. In the past everyone having one giant 'all rights staff group' made some sense but at the size the WMF is now I'm not sure it does.
James Alexander Manager Trust & Safety Wikimedia Foundation
A few comments:
Limiting staff rights to being on an as-needed basis makes good sense to me. There have a few incidents where staff have taken actions that they shouldn't. Limiting the scope of staff rights helps to contain the potential problems.
I'm sure that rights management becomes a more and more complex and time-consuming task with such a large headcount in WMF.
As rights become more granular, understanding them and understanding logs becomes complex too, so I'm hoping that we can try to find a good balance between having rights and logs that are granular with having rights and logs that are relatively easy for humans to understand and audit.
Thanks,
Pine
wikimedia-l@lists.wikimedia.org