[Infrastructure] Automation for mailing list permissions

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Jun 6 09:58:42 MST 2019



On 3/6/2019 7:05 PM, Ryan Sleevi wrote:
> == User and Credential Management:
> Jos mentioned that the new wiki's credentials were based on the 
> canonical spreadsheet of membership [1], rather than based on the old 
> wiki's user list. The spreadsheet reflects declared memberships 
> following the adoption of the revised bylaws.
>
> The new wiki allows each WG to have their own separate areas, allowing 
> read-only access to all members, but write-access based on members 
> with that appropriate tag. Tags have been set up for each of the Forum 
> WGs - the Infrastructure WG (transitioning to a Forum subcommittee), 
> the Code Signing WG, and the Server Cert WG.
>
> Ryan raised a suggestion that we should audit/inventory our existing 
> user credential systems. We have the wiki, and we also have a variety 
> of mailing lists with posting privileges. Now that most of the impact 
> from the Bylaws transition has settled, and the migration has largely 
> settled, we should look to take stock of the existing memberships 
> and make sure that our various access controls are consistent. Right 
> now, there's no visibility into who is participating where, and that 
> carries with it IP risks and uncertainty. The suggestion was having a 
> Web-based dashboard that can at least view the set of participants 
> associated with an organization, on a per-organization basis.
>
> Ben raised the suggestion of a desire to have per-user permissions. 
> During the call, we identified permissions as: posting to the mailing 
> list, access to the wiki, proposing/endorsing ballots, voting on 
> ballots, and joining new WGs as all being distinct activities that may 
> be performed. This seemed to be a common challenge, particularly for 
> large organizations with many teams.
>
> While this is an interesting challenge, it's clear there's a lot of 
> work here, and it impacts the Forum at large. The discussion for next 
> steps was to build a holistic list of all the accounts that exist, for 
> all the mailing lists, and to allow members to go through and examine 
> and figure out what is appropriate for their organization. This will 
> then help inform what sort of capabilities are needed from the Forum 
> and from members, and what sort of participation is desired or needed. 
> The proposal is to send this to the management list.
>
> The discussion did not propose a deadline for harmonizing these lists 
> - the first step is understanding the scope of the problem or delta 
> between the canonical membership and the participants, to determine 
> what sort of changes may be needed or desired. However, this list and 
> understanding the scope may help inform a F2F Topic to discuss the 
> scope of the problem and desired outcomes, many of which may involve a 
> modification to the Bylaws to account for.

Regarding this topic, we had discussed it in the past and there was a 
transition plan and how to go about creating new Working Groups 
(https://docs.google.com/document/d/1FxTRCvOiDFttffa8v-PRPcj5PCEnBO4mCFzpVy9jd0c/edit). 
While this plan most probably needs a revision (some of the action items 
are complete, others have been dismissed), we are still missing the 
automation for managing the mailing lists using a single information source.

One of the main reasons we couldn't spend time/effort for this 
automation was the fact that we could not get shell access to the server 
that hosts the existing mailman instance. I hope once we migrate to the 
new VM we will be able to do some tests that will help automation.


Thanks,
Dimitris.
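
The reconciliation discussed in this thread (the delta between the canonical membership and the actual list participants, viewed per organization), sketched as an added example that is not part of the original message or of any Forum tooling. The data layout, the organization names, the addresses, and the assumption that each list name matches a WG tag are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: canonical membership, the single information source.
# address -> (organization, WG tags). This layout is an assumption.
CANONICAL = {
    "alice@example-ca.test": ("Example CA", {"servercert", "infrastructure"}),
    "bob@example-ca.test": ("Example CA", {"servercert"}),
    "carol@example-browser.test": ("Example Browser", {"codesigning"}),
}

# Constructed sample: list name -> subscriber addresses as exported from the
# list server. List names are assumed to equal the WG tag names.
ROSTERS = {
    "servercert": ["Alice@Example-CA.test", "bob@example-ca.test",
                   "dave@old-member.test"],
    "infrastructure": ["alice@example-ca.test", "bob@example-ca.test"],
    "codesigning": [],
}

UNKNOWN = "(unknown organization)"


def norm(addr):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return addr.strip().lower()


def reconcile(canonical, rosters):
    """Return {organization: [(list, address, finding), ...]}."""
    canon = {norm(a): v for a, v in canonical.items()}
    report = defaultdict(list)
    for lst, subscribers in rosters.items():
        seen = {norm(s) for s in subscribers}
        for addr in sorted(seen):
            if addr not in canon:
                report[UNKNOWN].append((lst, addr, "not in canonical membership"))
            elif lst not in canon[addr][1]:
                report[canon[addr][0]].append((lst, addr, "subscribed without WG tag"))
        for addr, (org, tags) in sorted(canon.items()):
            if lst in tags and addr not in seen:
                report[org].append((lst, addr, "tagged but not subscribed"))
    return dict(report)


if __name__ == "__main__":
    for org, findings in sorted(reconcile(CANONICAL, ROSTERS).items()):
        print(org)
        for lst, addr, finding in findings:
            print(f"  {lst}: {addr}: {finding}")
```
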

