On Sat, May 11, 2013 at 5:04 PM, MZMcBride <z...@mzmcbride.com> wrote: > Leslie Carr wrote: >>> * Shell access has been restricted to staff only (no more volunteer >>> sysadmins). >> >>Someone better tell that to domas and his ssh key. >> >>As someone tasked with protecting the servers, ssh keys should be >>restricted as much as possible, both with staff and volunteers. that is >>technical and not political. > > That was just sloppy wording on my part, apologies. Shell/root access has > been indeed been restricted to staff only. About four users have been > grandfathered in (Domas, Jens, River, Robert S.). I'll note that these > users have all contributed an enormous amount (for free!) to the Wikimedia > movement. They deserve only our appreciation for the volunteer work > they've done. And they serve as a model of what trusted volunteers can do. > Please don't suggest that this has anything to do with technical > decisions. Even a child can see that this is pure politics. > > Leslie, do you agree with these policies that remove all non-staff from > positions of trust? Do you agree with creating tiers between staff and > everyone else?
I have no opinion on all the other policies - my concern, expertise, and really the only place I think my opinion even matters is for the servers. My opinion is that we should restrict any ssh access on the cluster to those who have demonstrated that they both need it and can handle the responsibility. If a volunteer has been very responsible in labs and has a demonstratable need, I'd be fine with that. The reason that ops staff get ssh access and root is that we (hopefully) during our interview and references have demonstrated the ability to handle the access responsibly, have a need, and on top of that have signed a big stack of paperwork. But the more that we can do on labs without ever touching production, the better off the stability of the cluster. Also I believe that several analytics folks ( under admins::restricted in admins.pp ) are not employees but do have some ssh access. Leslie > > MZMcBride > > > > _______________________________________________ > Wikimedia-l mailing list > Wikimediafirstname.lastname@example.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l -- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/ _______________________________________________ Wikimedia-l mailing list Wikimediaemail@example.com Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l