[Labs-l] Considering restriction of project membership to sysadmin role

Petr Bena benapetr at gmail.com
Mon Apr 2 21:17:40 UTC 2012 

I hope Reedy is going to something then :-)

On Mon, Apr 2, 2012 at 10:41 PM, Ryan Lane <rlane32 at gmail.com> wrote:
> I had made a proposal earlier that people use LQT on project
> discussion pages for project access. I don't like the unified request
> page, since most of the requests are project specific.
>
> If people request access to bastion on bastion's discussion page, I'll
> see it, and I'll handle it. Other people who are sysadmins should do
> the same.
>
> In the future I'd prefer that not everyone can give access to bastion.
> It's great that you're helping out with that, but I like to ask people
> why they need Labs access before I give it to them. Some people want
> Labs access just because they want shell, but aren't going to be
> working on anything. I'd prefer people only have access if they'll
> actively be doing something.
>
> On Tue, Apr 3, 2012 at 5:30 AM, Petr Bena <benapetr at gmail.com> wrote:
>> I have a bit negative reaction :) I am not any admin of labs and I had
>> to add about 4 people to bastion already including Reedy otherwise
>> they wouldn't have access at all. If you do this are you going to
>> watch the request page more carefully? The access to project with no
>> access to bastion is of no use
>>
>> On Mon, Apr 2, 2012 at 10:27 PM, Ryan Lane <rlane32 at gmail.com> wrote:
>>> I'm considering a change to project membership and would like to seek opinions:
>>>
>>> Currently, any member of a project can add or remove another member.
>>> This enables a more collaborative environment, but also makes things a
>>> little insecure. Eventually, we'd like to open registration of
>>> labsconsole to allow anyone to have an account. By default people will
>>> only have rights to edit the wiki. However, if they were added to a
>>> project then they'd also have shell access inside of labs. We've been
>>> mostly limiting labs access via the bastion project. Right now it's
>>> possible for anyone to add/remove people in that project if they are a
>>> member. We track this via recent changes, and can remove/readd people
>>> at will.
>>>
>>> By limiting this access to the sysadmin role, we can limit project
>>> membership to those responsible for the systems inside of the project.
>>> This will introduce a higher burden on sysadmin users, though.
>>>
>>> Unless I get fairly negative reaction on this change, I plan on
>>> pushing it out soonish. Thoughts?
>>>
>>> - Ryan
>>>
>>> _______________________________________________
>>> Labs-l mailing list
>>> Labs-l at lists.wikimedia.org
>>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l

More information about the Labs-l mailing list