[Labs-l] Considering restriction of project membership to sysadmin role

Ryan Lane rlane32 at gmail.com
Mon Apr 2 20:41:37 UTC 2012 

I had made a proposal earlier that people use LQT on project
discussion pages for project access. I don't like the unified request
page, since most of the requests are project specific.

If people request access to bastion on bastion's discussion page, I'll
see it, and I'll handle it. Other people who are sysadmins should do
the same.

In the future I'd prefer that not everyone can give access to bastion.
It's great that you're helping out with that, but I like to ask people
why they need Labs access before I give it to them. Some people want
Labs access just because they want shell, but aren't going to be
working on anything. I'd prefer people only have access if they'll
actively be doing something.

On Tue, Apr 3, 2012 at 5:30 AM, Petr Bena <benapetr at gmail.com> wrote:
> I have a bit negative reaction :) I am not any admin of labs and I had
> to add about 4 people to bastion already including Reedy otherwise
> they wouldn't have access at all. If you do this are you going to
> watch the request page more carefully? The access to project with no
> access to bastion is of no use
>
> On Mon, Apr 2, 2012 at 10:27 PM, Ryan Lane <rlane32 at gmail.com> wrote:
>> I'm considering a change to project membership and would like to seek opinions:
>>
>> Currently, any member of a project can add or remove another member.
>> This enables a more collaborative environment, but also makes things a
>> little insecure. Eventually, we'd like to open registration of
>> labsconsole to allow anyone to have an account. By default people will
>> only have rights to edit the wiki. However, if they were added to a
>> project then they'd also have shell access inside of labs. We've been
>> mostly limiting labs access via the bastion project. Right now it's
>> possible for anyone to add/remove people in that project if they are a
>> member. We track this via recent changes, and can remove/readd people
>> at will.
>>
>> By limiting this access to the sysadmin role, we can limit project
>> membership to those responsible for the systems inside of the project.
>> This will introduce a higher burden on sysadmin users, though.
>>
>> Unless I get fairly negative reaction on this change, I plan on
>> pushing it out soonish. Thoughts?
>>
>> - Ryan
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l

More information about the Labs-l mailing list