[22:00:07] <KateChapman>	 #startmeeting RFC meeting
[22:00:57] <KateChapman>	 TimStarling could you kick the bot?
[22:01:08] <TimStarling>	 yes
[22:03:28] <KateChapman>	 #startmeeting RFC meeting
[22:03:28] <wm-labs-meetbot>	 Meeting started Wed Jan 23 22:03:28 2019 UTC and is due to finish in 60 minutes.  The chair is KateChapman. Information about MeetBot at http://wiki.debian.org/MeetBot.
[22:03:28] <wm-labs-meetbot>	 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
[22:03:28] <wm-labs-meetbot>	 The meeting name has been set to 'rfc_meeting'
[22:03:46] <KateChapman>	 #topic Draft Gerrit Privilege Policy https://www.mediawiki.org/wiki/User:Tim_Starling_(WMF)/Draft_Gerrit_privilege_policy
[22:04:18] <KateChapman>	 who is joining for this ^^^^?
[22:04:39] <Nikerabbit>	 I'm around
[22:04:41] <James_F>	 I am.
[22:04:50] <TimStarling>	 o/
[22:04:53] <KateChapman>	 (also as a reminder #info #link and #action are all great tags to use to get things into the minutes)
[22:05:13] * duesen_ wibbles
[22:05:16] <TimStarling>	 the current draft is https://www.mediawiki.org/wiki/User:Tim_Starling_(WMF)/Draft_Gerrit_privilege_policy
[22:05:44] <TimStarling>	 this will replace https://www.mediawiki.org/wiki/Gerrit/%2B2 and https://www.mediawiki.org/wiki/Gerrit/Project_ownership and represents a merge of the two policies
[22:06:35] <James_F>	 I created https://www.mediawiki.org/w/index.php?diff=3064176&oldid=2974197&title=Gerrit/%2B2&diffmode=source but it's not hugely informative as a diff.
[22:07:05] <TimStarling>	 a lot of the changes are really just to better describe the current situation, but there are a few substantive changes
[22:07:33] <TimStarling>	 one is that we are allowing WMDE to add and remove staff members from the mediawiki group
[22:07:48] <James_F>	 Seems sensible.
[22:08:26] <TimStarling>	 in general, we are formalising the idea of organisations controlling group access, with a concept of expedited requests for trusted organisations
[22:09:05] <TimStarling>	 this means that requests from those organisations for modification of certain groups can be made directly to gerrit administrators, without filing a phabricator ticket or waiting for consensus
[22:09:10] <James_F>	 I note that the Wikimedia Foundation isn't listed as a trusted organisation, which sort-of makes sense, but it's also a bit odd.
[22:09:24] <TimStarling>	 yeah, the other organisations are trusted *by* WMF
[22:09:35] * James_F nods.
[22:09:37] <TimStarling>	 I thought about making WMF a trusted organisation, but the trouble is, WMF has a lot of special cases
[22:10:29] <TimStarling>	 for example, trusted organisations have a simple revocation policy, whereas WMF has of it spelt out
[22:10:55] <James_F>	 Yeah.
[22:11:58] <James_F>	 It also no longer talks about the use of C-2, even in passing. Should it? Being clear that C-2 is a statement of code quality and not necessarily trust in the author/etc.?
[22:12:39] <TimStarling>	 I think we have another page on how to do code review
[22:12:51] <duesen_>	 In my mind, C-2 isn't really about code quality either. it'S either "bad idea" or "will break the site if we do it now"
[22:13:01] <duesen_>	 C-1 is for code quality
[22:13:12] <TimStarling>	 https://www.mediawiki.org/wiki/Gerrit/Code_review
[22:13:19] <James_F>	 OK, yes, but "bad idea" is a kind of code quality statement. :-)
[22:13:34] <duesen_>	 it's an idea quality statement :P
[22:13:34] <TimStarling>	 that page talks about what -2 means and when to use it
[22:13:43] <James_F>	 Anyway, sorry to derail.
[22:14:24] <duesen_>	 James_F: it seems like you are the only non-techcom participant in this conversation, so derail away, this is all for you :)
[22:14:31] * James_F laughs.
[22:14:44] <James_F>	 We should probably not use "WMF" given that Comms has Rules™ against it.
[22:14:54] <James_F>	 (In the text, not in the LDAP group name.)
[22:15:35] <TimStarling>	 #action TimStarling to review comms rules on "WMF" acronym
[22:15:55] <duesen_>	 .oO(the World Minigolfsport Federation may sue)
[22:16:25] <TimStarling>	 well, I can add it to the definitions list if it's just about confusion
[22:16:48] <James_F>	 It's more about normalising the language we're meant to use. Hardly urgent.
[22:17:28] <TimStarling>	 another substantive change is that we're deprecating the concept of repository ownership
[22:17:49] <James_F>	 Yeah, I was happy to see that.
[22:18:19] <TimStarling>	 the idea is that the highest per-repository permissions will be +2 etc., and the only people making group membership changes will be the gerrit administrators
[22:18:28] <James_F>	 Maybe we should more clearly lay out the Foundation staff who should (and who should not) have C+2 rights (i.e. be in the wmf group)? Longer-term I'd love for there to be separation between "access to production log data" and "gerrit privilege rights".
[22:19:06] <James_F>	 But generally, everything looks fine in the doc from my POV.
[22:19:32] <TimStarling>	 we can split the LDAP groups, but it seems outside the present scope
[22:20:00] <duesen_>	 i'm in favor of no longer including wmf in mediawiki. but i agree that that shoudl be a separate discussion
[22:20:10] <James_F>	 OK.
[22:20:16] <duesen_>	 I'd like to mention a point of order, for the record:
[22:20:18] <James_F>	 Then I'm out of things to say. :-)
[22:20:35] <duesen_>	 this is not an RFC TechCom can approve.
[22:20:39] <TimStarling>	 I haven't proposed removing existing ownership access in bulk, should we consider doing that?
[22:20:52] <duesen_>	 The idea is to agree on a draft that is then proposed to the CTO for adoption.
[22:20:59] <James_F>	 duesen_: Understood.
[22:21:39] <James_F>	 TimStarling: Are there significant number of ownership situations? I'm mostly familiar with the Wikimedia-deployed code which are owned by the MediaWiki group.
[22:22:21] <TimStarling>	 I haven't counted them, but yes, I think there are a significant number
[22:22:42] <James_F>	 Is fixing that "policy", or fix-up?
[22:23:13] <TimStarling>	 right, a one-off action wouldn't really make sense in a permanent policy
[22:23:23] * James_F nods.
[22:23:29] <TimStarling>	 but it could be a separate resolution
[22:24:06] <TimStarling>	 we should take care to make sure the affected people are aware of this
[22:24:07] <James_F>	 The "projects with only one maintainer" bit is a little sad.
[22:24:25] <James_F>	 Yeah, we should do a wikitech-l notice or two.
[22:25:06] <duesen_>	 Yes, I fear we didn't do a very good job of socializing this discussion. But then, I don't know how to reach out to owners of extension repos we don't use. Just make a list and mail them all?
[22:25:47] <James_F>	 People sometimes use gerrit-only accounts that they don't look at, of course, but there's only so much Best Efforts we can reasonably do.
[22:27:17] <TimStarling>	 how about I post this draft to wikitech-l as a kind of last call, and separately start looking at who would be affected by a one-off change to repo ownership
[22:28:06] <James_F>	 WFM.
[22:28:28] <TimStarling>	 no sense dragging out this meeting, if there are no further comments
[22:28:46] <duesen_>	 That sounds good, yes!
[22:29:14] <duesen_>	 (both, the mails, and ending early)
[22:29:44] <duesen_>	 btw, WMF is a famous German maker of cutlery and cookware
[22:29:45] <duesen_>	 https://en.wikipedia.org/wiki/WMF_Group#/media/File:Pots_from_WMF.jpg
[22:29:51] <duesen_>	 just so you know ;)
[22:30:33] <KateChapman>	 okay, should I close things?
[22:31:00] <TimStarling>	 yes, thanks KateChapman
[22:31:02] <KateChapman>	 #endmeeting
[22:31:03] <wm-labs-meetbot>	 Meeting ended Wed Jan 23 22:31:03 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
[22:31:03] <wm-labs-meetbot>	 Minutes:        https://tools.wmflabs.org/meetbot/wikimedia-office/2019/wikimedia-office.2019-01-23-22.03.html
[22:31:03] <wm-labs-meetbot>	 Minutes (text): https://tools.wmflabs.org/meetbot/wikimedia-office/2019/wikimedia-office.2019-01-23-22.03.txt
[22:31:03] <wm-labs-meetbot>	 Minutes (wiki): https://tools.wmflabs.org/meetbot/wikimedia-office/2019/wikimedia-office.2019-01-23-22.03.wiki
[22:31:03] <wm-labs-meetbot>	 Log:            https://tools.wmflabs.org/meetbot/wikimedia-office/2019/wikimedia-office.2019-01-23-22.03.log.html
[22:31:19] <James_F>	 duesen_: We know, we have one of their spatulas in the Comms area as a reminder to stop using "WMF". :-)
[22:31:43] <TimStarling>	 eh, all language is ambigious
[22:32:09] <duesen_>	 KateChapman, TimStarling: how about sending this to victoria as it is now, as techcom's draft, with the caveat that we are still soliciting feedback from 3rd parties?
[22:32:22] <duesen_>	 or shoudl we wait until we did that?
[22:32:55] <KateChapman>	 duesen_ I would say not much hurry and we could just solicit the feedback first.
[22:33:35] <duesen_>	 k
[22:33:42] <TimStarling>	 if we leave it more than a week, we'll be sending it to Erika instead of Victoria
[22:33:58] <TimStarling>	 may as well send it to Victoria to see if she has any comments before she leaves
[22:34:46] <TimStarling>	 I wouldn't expect her to approve it before Feb 1
[22:35:27] <paladox>	 TimStarling question how will that affect mw extensions that are not deployed to the wmf?
[22:36:39] <duesen_>	 paladox: existing ones, not at all, for now. for new ones, the maintainer will not become the repo owner, just get +2 on the repo.
[22:36:50] <paladox>	 oh
[22:37:08] <paladox>	 why only +2?
[22:38:02] <duesen_>	 to avoid people going rogue on such a repo without anyone noticing. nobody is watching those repos, btu we are still hosting them.
[22:38:17] <TimStarling>	 we don't really know what criteria maintainers are using to grant +2, I think it's better for there to be a public record of that
[22:39:53] <paladox>	 ah ok, will there be a process for repo requesters to be able to become a owner? Or will someone be handling requests for perm changes? (ie adding like push etc)
[22:41:43] <TimStarling>	 in my experience, when force push is needed, that is done by temporarily giving force push rights to the group
[22:42:05] <TimStarling>	 a process for that is not defined in this document and so will presumably stay the same as it is now, i.e. ask chad and he does that
[22:43:16] <James_F>	 Not Chad any more. ;-)
[22:43:38] <paladox>	 anyone in ldap/ops are admins too
[22:44:02] <TimStarling>	 anyway, this hasn't really been discussed by very many people, so if you think it should stay the way it is, you should say that, e.g. on the draft talk page