[Wikimedia-l] WMF Global Bans

[Craig Franklin]

This is a good point Pete.  I only know the full circumstances of a couple
of the global bans, but in each case it is based on non-public information
that we would not want going public.  Just because each discussion is not
subject to a yes/no decision on Meta, does not mean there is no community
involvement.  Generally though, I want to see more leadership from the
Foundation in working against antisocial users, not less.

I'd additionally add that the circumstances around some of these bans it
may be the case that the Foundation would be criminally negligent in *not*
stepping in and taking action.  In this case running extensive community
consultation where there can only be one result would be a waste of time,
both for the Foundation and also for the community.

The only suggestion for improvement I'd have is that in a situation like we
have currently where Maggie is sitting in two roles that both should play a
separate oversight role in this process, an extra set of eyes is
temporarily empowered to review and approve.  Not that I don't have
complete faith in James, Maggie and Michelle to make a fair and competent
decision, but if it normally requires four separate approvals, transient
staffing issues shouldn't be knocking the requirement down to three (or
two, or one).

Cheers,
Craig



On 18 February 2017 at 06:56, Pete Forsyth  wrote:

> I want to chime in briefly, since I have direct personal experience in
> WMF0-initiated bans.
>
> Not long ago, Support & Safety took an action to exclude somebody for whom
> I, as a volunteer, felt some responsibility. Initially, I felt that there
> was inadequate communication with me, and as a result the action put me in
> a difficult position. I brought the issue to James Alexander's attention.
> He took the time to discuss the issue in some depth; he acknowledged that
> it should have been handled better by WMF, and assured me that the
> experience would inform future efforts. If we're going to be using letter
> grades, I would James and his colleagues an "A" on the debrief, and I am
> confident that he and his colleagues have done/will do better after the
> fact.
>
> There are good reasons for some bans to be handled by volunteers, and good
> reasons for some bans to be handled entirely by professionals. There are
> also some incidents that clearly fall into a grey area where cooperation is
> needed, and it's important that such incidents be handled with a
> sensitivity to their unique qualities, which requires trust in the various
> people involved to judge how much public communication is appropriate.
>
> Final point -- all of this is now very much a departure from the subject
> line and the original topic, which were about permissions *for WMF staff*.
> If discussion on bans continues, I'd suggest introducing a new subject line.
>
> -Pete
>
> [[User:Peteforsyth]]
>
>
>
> On 02/17/2017 11:49 AM, Adrian Raddatz wrote:
>
>> I'm not convinced of the problem. The WMF global bans are designed to step
>> in where community processes would not be appropriate. From their page on
>> Meta: "global bans are carried out ... to address multi-project
>> misconduct,
>> to help ensure the trust and safety of the users of all Wikimedia sites,
>> or
>> to assist in preventing prohibited behavior". The last two reasons should
>> not be dealt with by the community; our volunteers do not have the
>> resources, qualifications, or liability required to deal with them. But
>> perhaps "multi-project misconduct" could be handled by the WMF
>> differently.
>> Instead of imposing a WMF ban, they could build a case for a community
>> ban,
>> and follow that process instead. As I said though, I'm not convinced that
>> there is a problem with how things are done currently. Some things
>> shouldn't be handled by community governance.
>>
>> Adrian Raddatz
>>
>> On Fri, Feb 17, 2017 at 11:40 AM, Pine W  wrote:
>>
>> How would you suggest modifying the process so that it is compatible with
>>> community governance? Note that while I'm dissatisfied with the system
>>> that
>>> is in place now, I doubt that there will be a perfect solution that is
>>> free
>>> from all possible criticism and drama. I would give the current system a
>>> grade of "C-" for transparency and a grade of "F" for its compatibility
>>> with community governance. I don't expect ether grade to get to an "A",
>>> but
>>> I would be satisfied with "B" for transparency and "B+" for community
>>> governance.
>>>
>>>
>>>
>>> Pine
>>>
>>>
>>> On Fri, Feb 17, 2017 at 11:21 AM, Adrian Raddatz 
>>> wrote:
>>>
>>> Wikimedia isn't a country, the global ban policy isn't a law. Any such
 metaphors are honestly a bit ridiculous. The WMF bans are, for the most
 part, sensitive. And that means that they all need to be, because if you
 have a list of reasons that you can disclose, then any bans without

>>> comment
>>>
 are going to be on a very short 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Robert Fernandez]

There is actually quite a bit of community involvement in the process.
They repeatedly respond to community requests for information about
processes and are open to community feedback regarding them.  What they
won't do is give you specific information about specific cases, and so the
demands for extreme transparency will never be satisfied.   I would support
a call for an independent professional audit, from inside or outside the
WMF, of cases or processes, but these details should never be revealed to
volunteers who do not possess the training to deal with these sensitive
issues or have any professional or legal accountability if they screw up or
release personal information, as has happened numerous times when community
volunteers were entrusted with these tasks.

Personally I have completely lost faith in the clown car of community
governance, but I understand that to many in our community it is an
important value.  But as Nathan said, community governance is not always
the best tool.  Why do we believe that the same tools can deal with the
problems of deciding what to put on the front page and what to do about a
victimized child?

And to this I would add that these are not issues of community governance
at all.   The WMF should not interfere in matters of community governance
like policy issues regarding article content, etc.  But when we are talking
about issues regarding off-wiki harassment, sexual predators, etc., why
should this fall under the banner of community governance as it has nothing
to do with writing an encyclopedia?  These are legal, real world issues and
should be handled by professionals and/or law enforcement.



On Fri, Feb 17, 2017 at 2:08 PM, Pine W  wrote:

> I am glad to hear that WMF global bans are processed through multiple
> people. Still, I am deeply uncomfortable with the lack of community
> involvement in this process as well as the lack of transparency. In the US
> we don't trust professional law enforcement agencies to make decisions
> about who should go to jail without giving the accused the right to a trial
> by a jury of their peers. Unless we have lost faith in peer governance
> (which would be a radical break with open source philosophy) I think it is
> both unwise and inappropriate to have "the professionals" make these
> decisions behind closed doors and with zero community involvement in the
> process.
>
> I am in favor of professionals working on investigations, and in
> enforcement of community decisions to ban *after* those decisions have been
> made by the community through some meaningful due process. I oppose letting
> "the professionals" decide among themselves who should be banned.
> ___
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Nathan]

On Fri, Feb 17, 2017 at 2:40 PM, Pine W  wrote:

> How would you suggest modifying the process so that it is compatible with
> community governance? Note that while I'm dissatisfied with the system that
> is in place now, I doubt that there will be a perfect solution that is free
> from all possible criticism and drama. I would give the current system a
> grade of "C-" for transparency and a grade of "F" for its compatibility
> with community governance. I don't expect ether grade to get to an "A", but
> I would be satisfied with "B" for transparency and "B+" for community
> governance.
>
>
>
> Pine
>
>

Community governance is a tool. It is not the point. It is also not always
the best tool. It's been an urge for years in some parts to treat the
Wikimedia movement (or pieces of it) like a governance experiment to play
out their personally ideal model for the distribution of power. But in this
case, the responsibility of the WMF to fundamentally control access to
project sites cannot be completely cleaved away to the community. If you
would like to experiment with power dynamics, there are other better forums
I'm sure.
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Pete Forsyth]

I want to chime in briefly, since I have direct personal experience in 
WMF0-initiated bans.


Not long ago, Support & Safety took an action to exclude somebody for 
whom I, as a volunteer, felt some responsibility. Initially, I felt that 
there was inadequate communication with me, and as a result the action 
put me in a difficult position. I brought the issue to James Alexander's 
attention. He took the time to discuss the issue in some depth; he 
acknowledged that it should have been handled better by WMF, and assured 
me that the experience would inform future efforts. If we're going to be 
using letter grades, I would James and his colleagues an "A" on the 
debrief, and I am confident that he and his colleagues have done/will do 
better after the fact.


There are good reasons for some bans to be handled by volunteers, and 
good reasons for some bans to be handled entirely by professionals. 
There are also some incidents that clearly fall into a grey area where 
cooperation is needed, and it's important that such incidents be handled 
with a sensitivity to their unique qualities, which requires trust in 
the various people involved to judge how much public communication is 
appropriate.


Final point -- all of this is now very much a departure from the subject 
line and the original topic, which were about permissions *for WMF 
staff*. If discussion on bans continues, I'd suggest introducing a new 
subject line.


-Pete

[[User:Peteforsyth]]


On 02/17/2017 11:49 AM, Adrian Raddatz wrote:

I'm not convinced of the problem. The WMF global bans are designed to step
in where community processes would not be appropriate. From their page on
Meta: "global bans are carried out ... to address multi-project misconduct,
to help ensure the trust and safety of the users of all Wikimedia sites, or
to assist in preventing prohibited behavior". The last two reasons should
not be dealt with by the community; our volunteers do not have the
resources, qualifications, or liability required to deal with them. But
perhaps "multi-project misconduct" could be handled by the WMF differently.
Instead of imposing a WMF ban, they could build a case for a community ban,
and follow that process instead. As I said though, I'm not convinced that
there is a problem with how things are done currently. Some things
shouldn't be handled by community governance.

Adrian Raddatz

On Fri, Feb 17, 2017 at 11:40 AM, Pine W  wrote:


How would you suggest modifying the process so that it is compatible with
community governance? Note that while I'm dissatisfied with the system that
is in place now, I doubt that there will be a perfect solution that is free
from all possible criticism and drama. I would give the current system a
grade of "C-" for transparency and a grade of "F" for its compatibility
with community governance. I don't expect ether grade to get to an "A", but
I would be satisfied with "B" for transparency and "B+" for community
governance.



Pine


On Fri, Feb 17, 2017 at 11:21 AM, Adrian Raddatz 
wrote:


Wikimedia isn't a country, the global ban policy isn't a law. Any such
metaphors are honestly a bit ridiculous. The WMF bans are, for the most
part, sensitive. And that means that they all need to be, because if you
have a list of reasons that you can disclose, then any bans without

comment

are going to be on a very short list of quite serious reasons. Plus, the
ones without a reason would still have the "wikipediocracy-lite" crowd

that

seems to dominate this list in a fuss.

It's also worth noting that the WMF provides some basic details of global
bans to certain trusted community groups. The issue isn't with

disclosure,

it's with mass disclosure.

On Feb 17, 2017 11:09 AM, "Pine W"  wrote:


I am glad to hear that WMF global bans are processed through multiple
people. Still, I am deeply uncomfortable with the lack of community
involvement in this process as well as the lack of transparency. In the

US

we don't trust professional law enforcement agencies to make decisions
about who should go to jail without giving the accused the right to a

trial

by a jury of their peers. Unless we have lost faith in peer governance
(which would be a radical break with open source philosophy) I think it

is

both unwise and inappropriate to have "the professionals" make these
decisions behind closed doors and with zero community involvement in

the

process.

I am in favor of professionals working on investigations, and in
enforcement of community decisions to ban *after* those decisions have

been

made by the community through some meaningful due process. I oppose

letting

"the professionals" decide among themselves who should be banned.
___
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
wiki/Wikimedia-l
New messages to: 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Adrian Raddatz]

I'm not convinced of the problem. The WMF global bans are designed to step
in where community processes would not be appropriate. From their page on
Meta: "global bans are carried out ... to address multi-project misconduct,
to help ensure the trust and safety of the users of all Wikimedia sites, or
to assist in preventing prohibited behavior". The last two reasons should
not be dealt with by the community; our volunteers do not have the
resources, qualifications, or liability required to deal with them. But
perhaps "multi-project misconduct" could be handled by the WMF differently.
Instead of imposing a WMF ban, they could build a case for a community ban,
and follow that process instead. As I said though, I'm not convinced that
there is a problem with how things are done currently. Some things
shouldn't be handled by community governance.

Adrian Raddatz

On Fri, Feb 17, 2017 at 11:40 AM, Pine W  wrote:

> How would you suggest modifying the process so that it is compatible with
> community governance? Note that while I'm dissatisfied with the system that
> is in place now, I doubt that there will be a perfect solution that is free
> from all possible criticism and drama. I would give the current system a
> grade of "C-" for transparency and a grade of "F" for its compatibility
> with community governance. I don't expect ether grade to get to an "A", but
> I would be satisfied with "B" for transparency and "B+" for community
> governance.
>
>
>
> Pine
>
>
> On Fri, Feb 17, 2017 at 11:21 AM, Adrian Raddatz 
> wrote:
>
> > Wikimedia isn't a country, the global ban policy isn't a law. Any such
> > metaphors are honestly a bit ridiculous. The WMF bans are, for the most
> > part, sensitive. And that means that they all need to be, because if you
> > have a list of reasons that you can disclose, then any bans without
> comment
> > are going to be on a very short list of quite serious reasons. Plus, the
> > ones without a reason would still have the "wikipediocracy-lite" crowd
> that
> > seems to dominate this list in a fuss.
> >
> > It's also worth noting that the WMF provides some basic details of global
> > bans to certain trusted community groups. The issue isn't with
> disclosure,
> > it's with mass disclosure.
> >
> > On Feb 17, 2017 11:09 AM, "Pine W"  wrote:
> >
> > > I am glad to hear that WMF global bans are processed through multiple
> > > people. Still, I am deeply uncomfortable with the lack of community
> > > involvement in this process as well as the lack of transparency. In the
> > US
> > > we don't trust professional law enforcement agencies to make decisions
> > > about who should go to jail without giving the accused the right to a
> > trial
> > > by a jury of their peers. Unless we have lost faith in peer governance
> > > (which would be a radical break with open source philosophy) I think it
> > is
> > > both unwise and inappropriate to have "the professionals" make these
> > > decisions behind closed doors and with zero community involvement in
> the
> > > process.
> > >
> > > I am in favor of professionals working on investigations, and in
> > > enforcement of community decisions to ban *after* those decisions have
> > been
> > > made by the community through some meaningful due process. I oppose
> > letting
> > > "the professionals" decide among themselves who should be banned.
> > > ___
> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > > wiki/Wikimedia-l
> > > New messages to: Wikimedia-l@lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > 
> > ___
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > 
> >
> ___
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Pine W]

How would you suggest modifying the process so that it is compatible with
community governance? Note that while I'm dissatisfied with the system that
is in place now, I doubt that there will be a perfect solution that is free
from all possible criticism and drama. I would give the current system a
grade of "C-" for transparency and a grade of "F" for its compatibility
with community governance. I don't expect ether grade to get to an "A", but
I would be satisfied with "B" for transparency and "B+" for community
governance.



Pine


On Fri, Feb 17, 2017 at 11:21 AM, Adrian Raddatz 
wrote:

> Wikimedia isn't a country, the global ban policy isn't a law. Any such
> metaphors are honestly a bit ridiculous. The WMF bans are, for the most
> part, sensitive. And that means that they all need to be, because if you
> have a list of reasons that you can disclose, then any bans without comment
> are going to be on a very short list of quite serious reasons. Plus, the
> ones without a reason would still have the "wikipediocracy-lite" crowd that
> seems to dominate this list in a fuss.
>
> It's also worth noting that the WMF provides some basic details of global
> bans to certain trusted community groups. The issue isn't with disclosure,
> it's with mass disclosure.
>
> On Feb 17, 2017 11:09 AM, "Pine W"  wrote:
>
> > I am glad to hear that WMF global bans are processed through multiple
> > people. Still, I am deeply uncomfortable with the lack of community
> > involvement in this process as well as the lack of transparency. In the
> US
> > we don't trust professional law enforcement agencies to make decisions
> > about who should go to jail without giving the accused the right to a
> trial
> > by a jury of their peers. Unless we have lost faith in peer governance
> > (which would be a radical break with open source philosophy) I think it
> is
> > both unwise and inappropriate to have "the professionals" make these
> > decisions behind closed doors and with zero community involvement in the
> > process.
> >
> > I am in favor of professionals working on investigations, and in
> > enforcement of community decisions to ban *after* those decisions have
> been
> > made by the community through some meaningful due process. I oppose
> letting
> > "the professionals" decide among themselves who should be banned.
> > ___
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > 
> ___
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Adrian Raddatz]

Wikimedia isn't a country, the global ban policy isn't a law. Any such
metaphors are honestly a bit ridiculous. The WMF bans are, for the most
part, sensitive. And that means that they all need to be, because if you
have a list of reasons that you can disclose, then any bans without comment
are going to be on a very short list of quite serious reasons. Plus, the
ones without a reason would still have the "wikipediocracy-lite" crowd that
seems to dominate this list in a fuss.

It's also worth noting that the WMF provides some basic details of global
bans to certain trusted community groups. The issue isn't with disclosure,
it's with mass disclosure.

On Feb 17, 2017 11:09 AM, "Pine W"  wrote:

> I am glad to hear that WMF global bans are processed through multiple
> people. Still, I am deeply uncomfortable with the lack of community
> involvement in this process as well as the lack of transparency. In the US
> we don't trust professional law enforcement agencies to make decisions
> about who should go to jail without giving the accused the right to a trial
> by a jury of their peers. Unless we have lost faith in peer governance
> (which would be a radical break with open source philosophy) I think it is
> both unwise and inappropriate to have "the professionals" make these
> decisions behind closed doors and with zero community involvement in the
> process.
>
> I am in favor of professionals working on investigations, and in
> enforcement of community decisions to ban *after* those decisions have been
> made by the community through some meaningful due process. I oppose letting
> "the professionals" decide among themselves who should be banned.
> ___
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: Wikimedia-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> 
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Pine W]

I am glad to hear that WMF global bans are processed through multiple
people. Still, I am deeply uncomfortable with the lack of community
involvement in this process as well as the lack of transparency. In the US
we don't trust professional law enforcement agencies to make decisions
about who should go to jail without giving the accused the right to a trial
by a jury of their peers. Unless we have lost faith in peer governance
(which would be a radical break with open source philosophy) I think it is
both unwise and inappropriate to have "the professionals" make these
decisions behind closed doors and with zero community involvement in the
process.

I am in favor of professionals working on investigations, and in
enforcement of community decisions to ban *after* those decisions have been
made by the community through some meaningful due process. I oppose letting
"the professionals" decide among themselves who should be banned.
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

[Wikimedia-l] Central and Eastern European Spring 2017

[Nikola Kalchev]

Dear Wikipedians of the world,

this year the article writing contest CEE Spring takes place for the third
time. It is a contest in which Wikipedians write about topics like the
culture, history, notable people, geography, etc., of the region of Central
and Eastern Europe. We are aiming to close the content gap about the region
on as many Wikipedias as possible and this year we are opening it for local
contests outside of the region. On most Wikipedias we, Wikipedians, write
about our own region and topics of worldwide significance. On most
Wikipedias there would be an article about your own history and the history
of the Roman Empire, but there would not be an article about the Kingdom of
Livonia, there would be an article about Luciano Pavarotti, but not about
Solomiya Krushelnytska, an article about Lord Byron, but not about Hristo
Botev.

You can help us close this knowledge gap by joining CEE Spring and
organising a local contest on your own Wikipedia. It starts on March 21st
and ends on May 31st. The local organisers from the CEE region will prepare
topics on their parts of the world and put them at [1], so that the
participants from your community can find inspiration easily. You can
follow our blog [2] and our Facebook page [3] where we share the stories of
the created articles and interesting topics. If you wish to organise a
contest on your wiki please add your wiki and name at [4].

And if someone creates something exceptional there might be a pleasant
surprise for them one day.

Best regards,

Nikola / User:Lord Bumbury

On behalf of the International Organising Team

[1] https://meta.wikimedia.org/wiki/Wikimedia_CEE_Spring_2017/Article_Lists

[2] http://ceespring.eu

[3] https://www.facebook.com/WCEESpring/

[4] https://meta.wikimedia.org/wiki/Wikimedia_CEE_Spring_2017/Participants
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

Re: [Wikimedia-l] WMF advanced permissions for employees

[Antoine Musso]

Le 16/02/2017 à 11:31, Vi to a écrit :
> Dealing with staffs they are way so close to more serious stuffs than the
> mediawiki user interface, so I wouldn't care about their on site accesses.
> Root access to db, squid data, mailman, physical access to residuals of old
> identification system, subpoena etc (even random paper sheets left on the
> top of a desktop) is, to me, way more serious than being able to make some
> noise in a fairly controlled environment
> 
> .

Hello,

I have some of the access you describe and had them for more than a
decade. Partly as a volunteer in the early days, nowadays as a
contractor to the WMF.   I have been following the whole thread, let me
highlight a bit about the technical side of it since you mention site
accesses.


Those accesses are granted solely for technical reasons. It has always
be made clear to me that technical people should NOT use their rights to
mess with the sites community. All the rest is the role of Support &
Safety, Community Liaisons, Legal, ArbCom or whatever else. They are way
better than us to gauge how to interact with people, and heck it is
their job!



In the very early days there were no staff and I eventually got granted
access after lot of online discussion and ultimately with an half an
hour phone call from France to Australia. (hello Jeronim). I guess it
was a matter of trust.

Nowadays that is legally enforced with Non Disclosure Agreement, Server
Access Responsabilities. For contractors a commercial contract, for
staff with an employment contact and all the associated laws.

A standard in the industry is that people only have a slice of rights
granted to them.  They should be limited to the sub set of accesses that
let them do their work. Any requests for more has to be justified and
goes via a quarantine period to make sure it is properly endorsed.


* I do not have access to mailman , cache logs nor I have root on
databases. When I need informations from such systems, I ask them to
people who have the access. They will either deny my request or get the
informations and deliver them back to me.

* I do have access to the databases of the public wikis. So I can for
example help a user to recover access to their account (there is a
process for that) or do the equivalent of CheckUser when one script bot
is threatening the infrastructure.


Only a few people do have all the technical accesses. They have process
and follow them. So if we have a process to revoke someone access, they
will make sure the requirements have been fulfilled (eg: signed by Legal
or C-level) and do their duty.  Their job is not to question whether the
revocation is justified, their role is to make sure that it is the
proper person asking for the revocation and then just do it.  They might
have personal feeling, might do the revocation against their own will.
In the end they act.  And having witnessed that first hand a couple
times, it is not fun at all, but that is the part of the job.


As a side note, all the people I know having such accesses are heavy
defender of privacy. Up to a point we end up all being very paranoid.


-- 
Antoine "hashar" Musso
"dont forget: be bold!"


___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and 
https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,