Opened 2 years ago

Last modified 19 months ago

#23932 new enhancement

Please grant more folks list creation permissions

Reported by: atagar Owned by: qbi
Priority: Medium Milestone:
Component: Internal Services/Service - lists Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi Jens, three weeks ago I filed a request for a new list (#23726). Low priority, but the lack of traction is making me realize we have a bus factor of one for list creation...

09:16 < atagar_> Does anyone besides qbi have access to make a list? Having https://trac.torproject.org/projects/tor/ticket/23726 would be helpful.
09:23 < hiro> atagar_ sorry I can't help w this

We all juggle a lot of stuff so perfectly fine for things like this to slip through the cracks, but we should ensure others can step in when that happens. As one of our sysadmins hiro would be a great candidate. I would be another since like you I'm a list admin.

Thanks!

Child Tickets

Change History (9)

comment:1 Changed 2 years ago by nickm

Is there any reason not to do this?

comment:2 Changed 2 years ago by arma

Wasn't Karsten a list person at one point? I thought we had like three.

If we are indeed down to one, we should add more.

Qbi, can you help us understand the tradeoffs here? In particular, is our mailman set-up such that we have to give access to a whole bunch of incidental things if we add another mailman admin, or is the surface area relatively controlled?

comment:3 Changed 2 years ago by atagar

Karsten was a list admin along with me, but neither of us ever had list creation permissions. Iirc it's always been restricted to qbi, weasel, and phobos. I certainly could be wrong though.

comment:4 Changed 2 years ago by qbi

It is no helpful to say on the one side that #23726 is low priority and has time while on the other side creating such a ticket and making some fuss about it. Atagar, if a ticket actual has a higher priority or needs to be done up to a specific date, please mention that in the ticket and it will be handled faster.

comment:5 Changed 2 years ago by atagar

Hi Jens. I marked the ticket as low priority because there indeed wasn't any rush - we were in the middle of discussions and it was fine if it took a while. But after four weeks this was now getting in the way. This is why I asked you for the list in person at the dev meeting, then bumped the ticket again ten days ago.

I'm sorry if I got on your nerves. We're both volunteers here and if you're busy with other stuff that's *absolutely* fine. It would just be wise if more than one person had access so when situations arise the requester could defer to someone else. That's all. :)

comment:6 Changed 19 months ago by qbi

The current approach for creating a new mailing list is as follows:

  1. Someone makes a ticket
  2. Check if all the required information are present. See https://trac.torproject.org/projects/tor/wiki/doc/emailLists#HowdoIaskforanewmailinglist
  3. Someone needs to run newlist on eugeni. "Someone" is a person which belongs to the admin group (currently weasel, qbi and nickm). The following information need to be entered:
    1. Name of the list
    2. Email address of the new listadmin
    3. Password for the list. The password must also go to a password repository.
  4. Go to https://trac.torproject.org/projects/tor/wiki/doc/emailLists and enter the information about the newly created list
  5. Log in at the list page at https://lists.torproject.org and enter the list description plus maybe make more changes.
  6. Close the ticket

So step three is the one which only a limited set of people can do. As far as I see it extending the number of people would require to give them root privileges. The possible harm which can be done here is more than just wait for a few days for a new list. Thatswhy I'm hesitant to go this way. IMHO it is better to ask one of the two remaining people if list creation takes too long. What are your opinions on this?

comment:7 Changed 19 months ago by atagar

Thanks Jens! We're definitely in agreement that we should keep the set of people with root small. Here's my thoughts on it...

  1. We should check with weasel and nickm to see if they're ok with being asked to create lists. If they're up for being an occasional fallback for this then great! On the wiki we can say "Jens (qbi) usually creates new lists, but if he's unavailable for a couple weeks then feel free to reach out to X."
  1. Should hiro be added to the list? My understanding is that she's employed by TPI to be one of our sysadmins so it seems odd we aren't granting her access. Maybe there's concerns around this that I'm missing?
  1. Lets add the instructions you mention above to the wiki. This way weasel and nickm can easily reference them when they step in.

Thoughts?

comment:8 Changed 19 months ago by arma

Thoughts:

  • I think we don't make lists all that often, so it isn't super urgent to grow the list of admin people too much. We just need to find a way for new list requests to not slip through the cracks.
  • In theory somebody else can do steps 1,2,4,5,6. From previous tickets it looks like having somebody else ensure step 2 got done right, before we bug anybody about step 3, would be helpful. Maybe these are the list admins, and that's Damian and...used to be Karsten? Is it anybody else?
  • I would feel bad bugging weasel about this one, since we want his attention for bigger vision things. That mainly leaves Nick and qbi. We should check with Nick to see what he thinks about his role here.
  • hiro is our service admin, which is a different role. The sysadmins keep the underlying infrastructure going, and the service admins keep all the stuff like trac and blog and gitlab and so on stable and secure and working. The reason why this mailman question is messy is that apparently mailman is set up so only sysadmins can actually admin the service. That's not how it should be in an ideal world.
  • qbi, I assume you've thought through "I wonder if we could give sudo privs to run just the newlist command"? (It looks like most people are unable to even log in to eugeni? Which makes sense because it's the central mail server.)

comment:9 in reply to:  8 Changed 19 months ago by qbi

Replying to arma:

  • qbi, I assume you've thought through "I wonder if we could give sudo privs to run just the newlist command"? (It looks like most people are unable to even log in to eugeni? Which makes sense because it's the central mail server.)

I thought about this. As far as I see it, it'll need quite some changes. I developed an idea which could work and send this to the admin team to discuss it. I'll update the ticket if this turns out to be a worthwhile solution.

Note: See TracTickets for help on using tickets.