On Sat, May 11, 2013 at 5:04 PM, MZMcBride <z(a)mzmcbride.com> wrote:
Leslie Carr wrote:
* Shell
access has been restricted to staff only (no more volunteer
sysadmins).
Someone better tell that to domas and his ssh key.
As someone tasked with protecting the servers, ssh keys should be
restricted as much as possible, both with staff and volunteers. that is
technical and not political.
That was just sloppy wording on my part, apologies. Shell/root access has
been indeed been restricted to staff only. About four users have been
grandfathered in (Domas, Jens, River, Robert S.). I'll note that these
users have all contributed an enormous amount (for free!) to the Wikimedia
movement. They deserve only our appreciation for the volunteer work
they've done. And they serve as a model of what trusted volunteers can do.
Please don't suggest that this has anything to do with technical
decisions. Even a child can see that this is pure politics.
Leslie, do you agree with these policies that remove all non-staff from
positions of trust? Do you agree with creating tiers between staff and
everyone else?
I have no opinion on all the other policies - my concern, expertise,
and really the only place I think my opinion even matters is for the
servers.
My opinion is that we should restrict any ssh access on the cluster to
those who have demonstrated that they both need it and can handle the
responsibility. If a volunteer has been very responsible in labs and
has a demonstratable need, I'd be fine with that. The reason that ops
staff get ssh access and root is that we (hopefully) during our
interview and references have demonstrated the ability to handle the
access responsibly, have a need, and on top of that have signed a big
stack of paperwork. But the more that we can do on labs without ever
touching production, the better off the stability of the cluster.
Also I believe that several analytics folks ( under admins::restricted
in admins.pp ) are not employees but do have some ssh access.
Leslie
MZMcBride
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
--
Leslie Carr
Wikimedia Foundation
AS 14907, 43821
http://as14907.peeringdb.com/