[Infrastructure] Automation for mailing list permissions
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Jun 6 09:58:42 MST 2019
On 3/6/2019 7:05 μ.μ., Ryan Sleevi wrote:
> == User and Credential Management:
> Jos mentioned that the new wiki's credentials were based on the
> canonical spreadsheet of membership , rather than based on the old
> wiki's user list. The spreadsheet reflects declared memberships
> following the adoption of the revised bylaws.
> The new wiki allows each WG to have their own separate areas, allowing
> read-only access to all members, but write-access based on members
> with that appropriate tag. Tags have been set up for each of the Forum
> WGs - the Infrastructure WG (transitioning to a Forum subcommittee),
> the Code Signing WG, and the Server Cert WG.
> Ryan raised a suggestion that we should audit/inventory our existing
> user credential systems. We have the wiki, and we also have a variety
> of mailing lists with posting privileges. Now that most of the impact
> from the Bylaws transition has settled, and the migration has largely
> settled, we should look to take stock about the existing memberships
> and make sure that our various access controls are consistent. Right
> now, there's no visibility into who is participating where, and that
> carries with it IP risks and uncertainty. The suggestion was having a
> Web-based dashboard that can at least view the set of participants
> associated with an organization, on a per-organization basis.
> Ben raised the suggestion of a desire to have per-user permissions.
> During the call, we identified permissions as: posting to the mailing
> list, access to the wiki, proposing/endorsing ballots, voting on
> ballots, and joining new WGs as all being distinct activities that may
> be performed. This seemed to be a common challenge, particularly for
> large organizations with many teams.
> While this is an interesting challenge, it's clear there's a lot of
> work here, and it impacts the Forum at large. The discussion for next
> steps was to build a holistic list of all the accounts that exist, for
> all the mailing lists, and to allow members to go through and examine
> and figure out what is appropriate for their organization. This will
> then help inform what sort of capabilities are needed from the Forum
> and from members, and what sort of participation is desired or needed.
> The proposal is to send this to the management list.
> The discussion did not propose a deadline for harmonizing these lists
> - the first step is understanding the scope of the problem or delta
> between the canonical membership and the participants, to determine
> what sort of changes may be needed or desired. However, this list and
> understanding the scope may help inform a F2F Topic to discuss the
> scope of the problem and desired outcomes, many of which may involve a
> modification to the Bylaws to account for.
Regarding this topic, we had discussed it in the past and there was a
transition plan and how to go about creating new Working Groups
While this plan most probably needs a revision (some of the action items
are complete, others have been dismissed), we are still missing the
automation for managing the mailing lists using a single information source.
One of the main reasons we couldn't spend time/effort for this
automation was the fact that we could not get shell access to the server
that hosts the existing mailman instance. I hope once we migrate to the
new VM we will be able to do some tests that will help automation.
More information about the Infrastructure