Re: [Wikitech-l] Removal of Bugzilla admins

On 06/22/2013 03:02 PM, Brian Wolff wrote: Details: https://wikitech.wikimedia.org/wiki/Bugzilla.wikimedia.org#How_to_log_in_as… Thehelpfulone, thanks for the quick response here. Andre and I have both been traveling today, and I think he might still be traveling for the next day or so, so I want to say what I know as we wait for something more definitive from Andre. Andre mentioned the plans and linked to the draft guidelines in the April engineering report https://blog.wikimedia.org/2013/05/02/wikimedia-engineering-april-2013-repo… , and mentioned the reduction in the number of Bugzilla administrators in the May report https://blog.wikimedia.org/2013/06/10/wikimedia-engineering-may-2013-report/ , and I'm sorry you didn't see those. What can we do to ensure that more people see those updates? Regardless, perhaps we should have advertised the change more broadly. I know Andre reached out to every existing Bugzilla admin, to WMF Operations, and to the WMF legal department during this process; I believe that he's just finalized the policy https://wikimediafoundation.org/wiki/Bugzilla_administrator_rights_policy with Legal late last week per https://www.mediawiki.org/wiki/Bug_management/status#2013-06-14 , and he's been at a conference all this week. Once it was finalized we should have communicated it more widely; this coming week I'll consult with Guillaume and Andre to make sure that happens. Tyler wrote: One thing Andre did when reaching out to current administrators was to figure out what sorts of work they did and wanted to do, so as to properly use *groups* rather than simply giving out admin access for all those reasons. Chris Steipp wrote, "Giving users a special-purpose group instead of administrator supports w:Least_privilege, which is a good thing." ( https://www.mediawiki.org/wiki/User_talk:AKlapper_%28WMF%29/BugzillaAdminPo… ) My understanding is that approximately everyone who had their admin access removed simply got membership in groups to do the things they wanted to do, e.g., create new products, components, milestones, etc. For instance, James Forrester went from BZ admin to having pretty much all rights except BZ admin (edit users, products, components, milestones, and see security bugs). I am no longer a BZ admin since the reduction, so I don't know who's got what privileges, but I know it's not just Foundation staff. For some more details on what kinds of tasks require (or might require) Bugzilla admin rights, see https://wikimediafoundation.org/wiki/Bugzilla_administrator_rights_policy#T… and http://blogs.gnome.org/aklapper/2013/05/28/understanding-bugzilla-groups-an… . Basically, people can do administrative stuff without being BZ administrators. We're definitely interested in helping people help Wikimedia on bug workflow and security issues! It would be necessary for you to sign a nondisclosure agreement to access security bugs or to get BZ admin access to edit the workflow, I believe (from my reading of the policy). But Andre would know more. Andre? -- Sumana Harihareswara Engineering Community Manager Wikimedia Foundation