[16:46:39] 10Gitblit-Deprecate, 10Gerrit-Migration, 3releng-201516-q1: Allow cloning of Phabricator hosted git repositories - https://phabricator.wikimedia.org/T128#1382933 (10greg) p:5Low>3Normal [16:51:31] 6Project-Creators, 3Team-Practices-This-Week: Create "Unplanned-Sprint-Work" tag for tracking unplanned work that enters a sprint. - https://phabricator.wikimedia.org/T102086#1382957 (10DStrine) @aklapper I'm going to tackle that subject in a TPG task: https://phabricator.wikimedia.org/T98521 We seem to have... [17:57:57] Krenair (and others): can you look at https://phabricator.wikimedia.org/T102586 and see if Joel's response is enough? [17:58:49] meeple27, really there's no way from that to confirm the on-wiki account is the actual employee, but it's probably fine [17:59:26] Is there any way that anyone could "prove" he is an employee? If so, I can try to get there. But if it's not worth it, that's great. [17:59:45] joel wasn't sure what he would look at to establish a connection [18:00:23] (and I know the issue is not that he is "an" employee but that *he* is the employee) [18:00:51] if he's linked it to a (WMF) wiki account that seems good enough for me assuming it's the right username on-wiki, those accounts are created by HR right? [18:00:59] twentyafterfour, please read the ticket [18:01:05] the account was created improperly [18:01:11] no one knows who made it [18:01:34] it seems unlikely WMF corporate IT did it [18:01:41] (they normally do most accounts IIRC) [18:03:45] * twentyafterfour read the ticket now ;) [18:05:44] I reckon the easiest way to confirm would be an email from their @wikimedia.org address, or a post from their officewiki/collabwiki/foundationwiki accounts [18:06:46] email can be spoofed, but I could certainly have him send one if it would help [18:07:12] presumably he could post something on office wiki [18:07:16] let them edit phabricator [18:07:21] it's harder to spoof [18:07:34] here's teh weird thing [18:07:39] I've made an account on accident with WMF in it [18:07:44] and it was banned really quickkly [18:07:46] rightly so [18:07:54] why has this account from an anon source survived? [18:07:59] I'm truly curious [18:09:44] after you know it's linked to a @wikimedia.org account, how do you know the NDA was signed? [18:11:54] mutante: the assumption has been if they are a full employee teh nda was part of their onboarding [18:12:08] i.e. confirmation of new employee == confirmation of nda, which isn't great but [18:12:13] that has been the idea [18:12:18] chasemp, do you know how long User:MZMcBride (WMF) went unnoticed? [18:12:23] we should make "add to phab NDA" part of onboarding too [18:12:45] Krenair: no idea mutante: yeah [18:13:08] https://meta.wikimedia.org/wiki/Special:CentralAuth/MZMcBride_(WMF) [18:14:18] well I guess that's a good argument for not blindly trutsing anything with WMF in it [18:14:23] Indeed. [18:33:32] so where does that leave us with David? Is there some specific edit (wiki or phab) you would like him to make? [18:36:01] chasemp, ^ [18:37:54] I'm going to punt this to greg since he owns phab now but for real and I will talk to him about it [18:38:12] meeple27: give it till wed and then ask what's up? [18:38:31] I'll check to make sure it's not more urgent than that, but otherwise ok [18:38:46] k [18:39:10] not my intention to beg off on this but in reality greg I imagine needs to be aware of this lack of process [18:39:21] and make the call but I don't forsee any more drama [18:39:26] should be fine [18:40:46] right. there are 3 things going on: 1. Get David access. 2. Why was David's account done oddly 3. Future-looking processes to prevent it from happening again [18:41:26] agreed sorry it landed on your doorstep [18:41:27] obviously I'm focused on #1, but I do understand the value of #2 and #3 as well. (I just don't want them to be blockers for #1) [18:41:49] it's fine. a big part of my role is to clear blockers like this, so devs don't have to [18:46:57] chasemp: Could you assign the task to greg, with comment? [18:47:06] I would, but I'm not sure what the comment would say [18:47:10] done and done already [18:47:25] and I pinged him on irc [18:47:37] perfect. thanks! [18:47:42] and told him to get serious with his life [18:47:44] :) [18:47:46] :P [19:36:27] chasemp: it seems that greg-g has kicked the nda stuff back to "us", although I'm not sure who "us" is [19:36:48] I really want to separate the long-term from the short-term here [19:37:09] who could add David, and what evidence would you need before feeling comfortable to do so? [19:38:01] if I'm asking to verify a staff WMF account I would ask James_F I think [19:38:25] let's be clear about "verify" [19:38:27] outside of this context so post OIT doing funny things I think he would also be involved when this account eventually does get banned [19:38:37] there is a phab account, and we want to make sure it is controlled by an employee, right? [19:38:42] agreed [19:38:48] we know that the phab account is linked to an SUL account [19:38:53] agreed [19:39:12] and from the other end, do we know that the employee has control of @wikimedia.org and/or an account on officewiki? [19:39:53] I do not [19:39:56] but I think James would [19:40:09] which approach is easier/safer? email or wiki? [19:40:15] I have no real rights to wiki things [19:40:34] and james because of his magic volunteer powers, not because of his foundation position, rght? [19:41:09] honestly not sure where his powers come from just that he has them [19:41:22] :P [19:41:57] ok, so what would James be able to deduce/prove? [19:42:28] that it's a legit staff account, my understanding is when this account eventually comes into question anyways [19:42:32] they'll have to do it [19:42:33] It still seems like the task is to prove a connection between david's SUL account and the human we know [19:42:38] yes [19:42:54] which is the purview of jamesofur or James_F I think [19:43:09] james_f is pretty overloaded, so I was going to ask if there were alternatives [19:43:27] honestly I don't know who else is on that team [19:43:48] which team is that? [19:44:05] whatever team jamesofur is on :) [19:44:12] I keep like no track of this only know certain ppl [19:44:32] ha. welcome to the foundation. Ok. I'll see what I can dig up. thanks [19:44:53] Philippe's is the master of this territory but is very busy [19:45:02] unfortunately there is no orchart. orgchart.wmflabs.org would be awesome [19:45:11] but the problem is it didnt get updates [19:45:15] and labs [19:45:33] James_F wouldn't be on this hypothetical team in an org chart anyway [19:46:09] I expect philippe can tell us who should validate a staff account on wiki [19:46:14] and then it's all done [19:46:20] asiding any future process anything [19:49:54] Jamesofur is in "Community Advocacy" [19:51:22] from jamesofur's user page description, he seems like exactly who I should talk to [19:51:40] that is who I would ask first yes [19:56:08] Jamesofur and James_F being used interchangeably? [19:58:21] hah. not the first time that has happened [20:04:34] ok, jamesofur has commented. who gets the task now? chasemp? greg-g? [20:05:00] done [20:05:37] whew. Thanks!!! [20:06:02] sorry to be a pain. I'm fine waiting for things to happen as long as there is an owner and path, but that didn't seem to be the case here [20:06:10] this was not your fault at all [20:06:42] and i learned a lot :D [20:06:52] "wmf staff account created by anon user? -- thanks obama!" [20:07:29] does anyone feel strongly that I (or someone) should create a ticket for either research into root cause of this, or to aim for a smoother/more foolproof process in the future? [20:08:32] honestly no clue [20:08:36] A fix would be to completely ban anonymous creation of WMF accounts. [20:08:39] the more common case is ppl not having ANY staff account [20:08:52] that woudl be better [20:09:00] it really has no value [20:09:28] how about NOT creating them by default for each employee but when they actually need one [20:09:33] i don't think I'll create a task for that :P [20:09:58] mutante: I think that was said and then the counter was that every staff should be in phab [20:09:59] so idk [20:10:15] I have no dog in teh fight [20:10:39] mutante, then you just get even more people trying to self-create [20:11:03] :( [20:13:53] when "WMF" accounts were introduced i thought the purpose was only for https://en.wikipedia.org/wiki/Wikipedia:Office_actions [20:14:02] which like 0.01% of all employees do [20:15:19] I kind of like doing my work-related mw.o edits as WMF and my wikipedia edits as personal, but I'm new so don't really know all the background [20:17:42] Some people edit the same wiki as both a volunteer and as staff. [20:18:02] i never understood when i have to logout of one account and into the other [20:18:09] Some people can perform really highly privileged actions (OS, CU, etc.) as either [20:18:11] is it the time of day? [20:18:18] because work hours 9-5? [20:19:01] I think there have been issues in the past with some people trying to limit what other users can do - and not saying whether they were acting as a volunteer or staff [20:19:52] as long as we don't start handing out "staff" flag to all WMF accounts, that would not be a good idea.. [20:20:00] and so on. So at some point it became necessary to completely separate your public wiki accounts [20:21:08] if both of my accounts don't have more privileges than any other random user.. shrug... [20:21:12] I wouldn't mind that flag being handed out to all wmf accounts if it was just a confirmation of actual employee/contractor/office-volunteer status, rather than the huge ridiculously over-privileged rights group it currently grants [20:21:52] Krenair: agreed, i'm just afraid people think it's the confirmation thing but it's totally not [20:22:25] if it _actually_ was a flag that lets me check whether somebody is employee.. that would be useful [20:23:05] but it certainly doesn't need those privileges [20:23:21] that would also contribute to the WMF-volunteer gap [20:26:19] Special:CheckIfEmployee [20:26:23] employoid [20:26:46] legoktm: in my perfect world: HR meets new employee, employee signs contract and NDA, HR person edits LDAP :) [20:27:00] ops checks LDAP flag.. all happy [20:27:06] hahah good one ;) [20:27:35] well, maybe the client needs to be web-based :p [20:28:17] or: bot parses HR's twitter feed and then updates LDAP based on that, hehe [20:28:38] is the Twitter thing still reliably updated? [20:29:05] probably not [20:35:00] I don't think I really met anyone from HR when I became a WMF contractor [20:35:32] hah, good point, yea [20:35:55] we had the huge legal agreement to sign, then eventually I got an email with a bunch of passwords for internal services. all via the manager [20:36:14] my first day at office nobody was there :) [20:37:16] so yea, that's the root cause for missing process. no consistent onboarding [20:38:29] I've heard people suggest that people simply forget to check the box on the onboarding form for a public wiki account, and then the employee/contractor self-creates it later unaware of the issues? [20:38:44] or something [20:39:47] i would suggest to model the NDA process for employees after the NDA process for volunteers, because whether somebody happens to get money doesn't really change the problem, which is having people, a document and needing to track a signature [20:40:07] did that before though [20:43:50] anyways, i see the current ticket is now resolved [20:48:54] yup, chase took care of it after getting the ok from james a [20:59:00] 6Phabricator, 6operations: Automate nightly dump of Phabricator metadata - https://phabricator.wikimedia.org/T103028#1383943 (10JAufrecht) [20:59:39] cool [21:06:14] 6Phabricator: When a task which is a blocker and has open blockers is closed, change the open blockers to block the grandparent task. - https://phabricator.wikimedia.org/T103182#1383965 (10JAufrecht) 3NEW [21:51:51] 6Phabricator, 6operations: Automate nightly dump of Phabricator metadata - https://phabricator.wikimedia.org/T103028#1384106 (10csteipp) Yeah, should be fine. [22:04:24] 6Phabricator, 10Wikimedia-Bugzilla, 6operations, 7Tracking: Tracking: Remove Bugzilla from production - https://phabricator.wikimedia.org/T95184#1384138 (10Dzahn) [22:04:43] 6Phabricator, 10Wikimedia-Bugzilla, 6operations, 7Tracking: Tracking: Remove Bugzilla from production - https://phabricator.wikimedia.org/T95184#1182562 (10Dzahn) [22:18:23] 6Phabricator, 10Wikimedia-Bugzilla, 6operations, 7Tracking: Tracking: Remove Bugzilla from production - https://phabricator.wikimedia.org/T95184#1384194 (10Dzahn) [22:23:39] 6Phabricator: Changing a non-access request ticket in an access request ticket does not create restricted blocker - https://phabricator.wikimedia.org/T103194#1384211 (10Krenair) 3NEW [22:23:50] 6Phabricator: Changing a non-access request ticket into an access request ticket does not create restricted blocker - https://phabricator.wikimedia.org/T103194#1384220 (10Krenair) [22:45:28] 6Project-Creators, 6Design Research Backlog: Create Needs-user-research tag - https://phabricator.wikimedia.org/T75933#1384271 (10Tgr) How about just > Used for tasks where further work is blocked by questions answerable by [[ http://www.usability.gov/what-and-why/user-research.html | user research ]]. There i... [23:07:00] 6Engineering-Community, 10Analytics, 6Research-and-Data, 3ECT-July-2015: Metrics about the use of the Wikimedia web APIs - https://phabricator.wikimedia.org/T102079#1384304 (10GWicke) > This distinction might be trickier for our RESTBase APIs, since they can be used internally and externally The same is t...