On 06/22/2013 03:02 PM, Brian Wolff wrote:
On 2013-06-22 6:49 PM, "Thehelpfulone"
<thehelpfulonewiki(a)gmail.com> wrote:
On 22 June 2013 22:33, Alex Monk <krenair(a)gmail.com> wrote:
> I've just found out that WMF's Bugmeister Andre Klapper removed "nearly
> everyone"'s Bugzilla adminship (and people with root access on the servers
> now have access to a file which contains login details for an 'emergency
> admin' account).
Details:
https://wikitech.wikimedia.org/wiki/Bugzilla.wikimedia.org#How_to_log_in_as…
So I have some questions:
This wasn't a sudden removal - Andre discussed it with ops and emailed
*every* admin first, so it's far less dramatic than you may think. He's
also been working on
https://wikimediafoundation.org/wiki/Bugzilla_administrator_rights_policy,
which I believe has approval from the relevant people (I can't think who
that is off the top of my head).
Be that as it may, it still would have been nice for this to be publicly
discussed (or at least publicly announced) especially given the current
political controversies surrounding rights removals from wmf services.
-bawolff
Thehelpfulone, thanks for the quick response here.
Andre and I have both been traveling today, and I think he might still
be traveling for the next day or so, so I want to say what I know as we
wait for something more definitive from Andre.
Andre mentioned the plans and linked to the draft guidelines in the
April engineering report
https://blog.wikimedia.org/2013/05/02/wikimedia-engineering-april-2013-repo…
, and mentioned the reduction in the number of Bugzilla administrators
in the May report
https://blog.wikimedia.org/2013/06/10/wikimedia-engineering-may-2013-report/
, and I'm sorry you didn't see those. What can we do to ensure that
more people see those updates? Regardless, perhaps we should have
advertised the change more broadly.
I know Andre reached out to every existing Bugzilla admin, to WMF
Operations, and to the WMF legal department during this process; I
believe that he's just finalized the policy
https://wikimediafoundation.org/wiki/Bugzilla_administrator_rights_policy with
Legal late last week per
https://www.mediawiki.org/wiki/Bug_management/status#2013-06-14 , and
he's been at a conference all this week. Once it was finalized we
should have communicated it more widely; this coming week I'll consult
with Guillaume and Andre to make sure that happens.
Tyler wrote:
I'd also like to know this information. Being a Bugzilla admin and helping
out with the bug workflow and security issues and whatnot has always been
something I've wanted to do. But if the WMF is trying to consolidate for
some reason...
One thing Andre did when reaching out to current administrators was to
figure out what sorts of work they did and wanted to do, so as to
properly use *groups* rather than simply giving out admin access for all
those reasons. Chris Steipp wrote, "Giving users a special-purpose
group instead of administrator supports w:Least_privilege, which is a
good thing." (
https://www.mediawiki.org/wiki/User_talk:AKlapper_%28WMF%29/BugzillaAdminPo…
)
My understanding is that approximately everyone who had their admin
access removed simply got membership in groups to do the things they
wanted to do, e.g., create new products, components, milestones, etc.
For instance, James Forrester went from BZ admin to having pretty much
all rights except BZ admin (edit users, products, components,
milestones, and see security bugs). I am no longer a BZ admin since the
reduction, so I don't know who's got what privileges, but I know it's
not just Foundation staff. For some more details on what kinds of tasks
require (or might require) Bugzilla admin rights, see
https://wikimediafoundation.org/wiki/Bugzilla_administrator_rights_policy#T…
and
http://blogs.gnome.org/aklapper/2013/05/28/understanding-bugzilla-groups-an…
. Basically, people can do administrative stuff without being BZ
administrators.
We're definitely interested in helping people help Wikimedia on bug
workflow and security issues! It would be necessary for you to sign a
nondisclosure agreement to access security bugs or to get BZ admin
access to edit the workflow, I believe (from my reading of the policy).
But Andre would know more. Andre?
--
Sumana Harihareswara
Engineering Community Manager
Wikimedia Foundation