subject:"Re\: \[Wikimedia\-l\] Transparency\: special WMF employee rights for Wikimedia projects"

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

2016-06-04 Thread Pine W

A few comments:

Limiting staff rights to being on an as-needed basis makes good sense to
me. There have a few incidents where staff have taken actions that they
shouldn't. Limiting the scope of staff rights helps to contain the
potential problems.

I'm sure that rights management becomes a more and more complex and
time-consuming task with such a large headcount in WMF.

As rights become more granular, understanding them and understanding logs
becomes complex too, so I'm hoping that we can try to find a good balance
between having rights and logs that are granular with having rights and
logs that are relatively easy for humans to understand and audit.

Thanks,

Pine
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

2016-06-03 Thread James Alexander

On Fri, Jun 3, 2016 at 5:40 AM, Fæ  wrote:

> For anyone unaware, in 2014 I created a bot task to maintain a page on
> Meta[1] showing the special Wikimedia Projects rights being allocated
> to WMF employees and contractors, without following normal community
> processes. The bot mirrors data from a Google Spreadsheet maintained
> by the WMF. Back in 2014, this was praised as a positive move forward
> by the WMF in applying our joint commitment to transparency.
>
> Unfortunately the spreadsheet appeared to drop off the radar last year
> and fell into disuse, only being updated after public complaint. The
> spreadsheet has not been updated since November 2015 (over six months
> ago), includes staff who have now left and presumably excludes several
> recent changes to employee rights.
>

While the recording is still being done it's clear the mirroring broke.
I'll go make sure it's up to date and mirrored correctly so that can be
updated over the course of today.

> Could the WMF please make a positive policy decision to ensure the
> open publication of special project rights for its employees becomes a
> required part of the procedure, and business as normal?

This quarter we've been putting together a more organized policy on our
staff rights so that they can be expanded to allow for rights to be granted
by someone other then just me which is an obvious bus factor and encourages
transparency and openness to slip through the cracks in favor of efficiency
and speed. That said we have certainly not been making any direct attempt
to hide changes or be less transparent about it.

Recently, for example, we created a meta specific 'local' right for the
Support and Safety team
 (creating
that page before it was launched) which was a direct response to Steward
requests (and others) to ensure we had global actions such as account
locks, global blocks, user rights changes etc centralized on meta rather
then spread out over 900+ wikis where there was no oversight from
volunteers for those actions. It also allowed us to remove all of those
rights from the global 'staff' right because others there didn't need them.
(which leads to below)

Failing this,
> if rights are to continue to be allocated behind closed doors, with
> some rights being allocated for just a few days at a time so never
> appearing on this spreadsheet, can the rationale for managing project
> rights this way please be explained to the wider community so that we
> might be allowed the opportunity to ask basic questions.
>

In general our goal is to ensure staff have the rights they need to do
their job (whether that's testing a bug, carrying out office actions and
legal process, protecting  setting up grant processes and fundraising
banners or something more unique). We also strive to reduce the attack
vector as much as possible, as much as possible staff shouldn't have rights
they 'don't' need to do their job and they shouldn't have rights much
longer then they actually need them. Because of this I think short term
rights (and occasionally unique rights) are useful tools to ensure that
staff can do their job while remaining with as little access as possible.
In the past everyone having one giant 'all rights staff group' made some
sense but at the size the WMF is now I'm not sure it does.

James Alexander
Manager
Trust & Safety
Wikimedia Foundation
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

2016-06-03 Thread Adrian Raddatz

All WMF staff accounts are now required to have "WMF" in their username, so
it's pretty obvious which accounts have rights for work purposes. Given
this, is that list of advanced permissions still necessary?

Disclosure: I personally think it would be easier for all WMF staff to be
put into one or two usergroups, rather than the variety of groups existing
now and some access to non-staff rights on top of that.

Adrian Raddatz

On Fri, Jun 3, 2016 at 6:40 AM, Fæ  wrote:

> For anyone unaware, in 2014 I created a bot task to maintain a page on
> Meta[1] showing the special Wikimedia Projects rights being allocated
> to WMF employees and contractors, without following normal community
> processes. The bot mirrors data from a Google Spreadsheet maintained
> by the WMF. Back in 2014, this was praised as a positive move forward
> by the WMF in applying our joint commitment to transparency.
>
> Unfortunately the spreadsheet appeared to drop off the radar last year
> and fell into disuse, only being updated after public complaint. The
> spreadsheet has not been updated since November 2015 (over six months
> ago), includes staff who have now left and presumably excludes several
> recent changes to employee rights.
>
> Could the WMF please make a positive policy decision to ensure the
> open publication of special project rights for its employees becomes a
> required part of the procedure, and business as normal? Failing this,
> if rights are to continue to be allocated behind closed doors, with
> some rights being allocated for just a few days at a time so never
> appearing on this spreadsheet, can the rationale for managing project
> rights this way please be explained to the wider community so that we
> might be allowed the opportunity to ask basic questions?
>
> Links
> 1. https://meta.wikimedia.org/wiki/WMF_Advanced_Permissions
>
> Thanks,
> Fae
> --
> fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>
> -- Forwarded message --
> From: Fæ 
> Date: 25 September 2015 at 08:52
> Subject: Re: [Wikimedia-l] WMF Advanced Permissions
> To: Wikimedia Mailing List 
>
>
> On 25 September 2015 at 05:46, James Alexander 
> wrote:
> > Hey Fae,
> >
> > As you know that I'm responsible for the spreadsheet that your bot is
> copying to make that spreadsheet (since you're one of the ones who asked me
> to make the process more transparent) I would have really appreciated a
> more private email before this public one. That said, yes there have both
> been some changes on the private versions of the sheet that caused the
> public version to break as well as very few actual rights changes which
> means I haven't been looking at it often. Because of a back log of issues
> within my Trust and Safety work I haven't been able to fully find the time
> to fix and update everything but I actually have time set aside on my
> calendar on Monday to do that :).
> >
> > Sent from my iPhone
> >
> >
> > James Alexander
> > Legal and Community Advocacy
> > Wikimedia Foundation
> > +1 415-839-6885 x6716
>
> Thanks for your commitment to get this up to date.
>
> Had my question been about the performance of a named employee, I
> would have sent a private email out of courtesy. This was a simple
> non-critical question about WMF transparency, following on from an
> original open discussion a long time ago on this list. This makes this
> list the best open place to raise the question.
>
> I feel that it is ethical to all encourage volunteers to feel free to
> ask questions about WMF transparency in the open. It would be a
> positive and ethical approach to take. Making it appear that a
> volunteer has done something wrong when they try to do so is not a
> healthy direction to go in.
>
> Thanks,
> Fae
>
> ___
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

Re: [Wikimedia-l] Transparency: special WMF employee rights for Wikimedia projects

3 matches

Site Navigation

Mail list logo

Footer information