On Sat, May 11, 2013 at 5:04 PM, MZMcBride <z...@mzmcbride.com> wrote:
> Leslie Carr wrote:
>>> * Shell access has been restricted to staff only (no more volunteer
>>> sysadmins).
>>
>>Someone better tell that to domas and his ssh key.
>>
>>As someone tasked with protecting the servers, ssh keys should be
>>restricted as much as possible, both with staff and volunteers. that is
>>technical and not political.
>
> That was just sloppy wording on my part, apologies. Shell/root access has
> been indeed been restricted to staff only. About four users have been
> grandfathered in (Domas, Jens, River, Robert S.). I'll note that these
> users have all contributed an enormous amount (for free!) to the Wikimedia
> movement. They deserve only our appreciation for the volunteer work
> they've done. And they serve as a model of what trusted volunteers can do.
> Please don't suggest that this has anything to do with technical
> decisions. Even a child can see that this is pure politics.
>
> Leslie, do you agree with these policies that remove all non-staff from
> positions of trust? Do you agree with creating tiers between staff and
> everyone else?

I have no opinion on all the other policies - my concern, expertise,
and really the only place I think my opinion even matters is for the
servers.

My opinion is that we should restrict any ssh access on the cluster to
those who have demonstrated that they both need it and can handle the
responsibility. If a volunteer has been very responsible in labs and
has a demonstratable need, I'd be fine with that.  The reason that ops
staff get ssh access and root is that we (hopefully) during our
interview and references have demonstrated the ability to handle the
access responsibly, have a need, and on top of that have signed a big
stack of paperwork.  But the more that we can do on labs without ever
touching production, the better off the stability of the cluster.

Also I believe that several analytics folks ( under admins::restricted
in admins.pp ) are not employees but do have some ssh access.


Leslie

>
> MZMcBride
>
>
>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l



--
Leslie Carr
Wikimedia Foundation
AS 14907, 43821
http://as14907.peeringdb.com/

_______________________________________________
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Reply via email to