Proposal: Responsibilities and Processes for Website League Keyholders
ruby
Public
Seen by 28
Draft Proposal: https://docs.google.com/document/d/1dn3gQ5BHvBDTwA6WJcdMq7dCy0rxkyuSck0ut2f1iJ4/edit
I've drafted a proposal with the intent to codfiy our current ad-hoc practices with regards to central infrastructure management and administration access. Please give it a read and provide any thoughts, modifications or other feedback.
Unless decided otherwise, this proposal will be put to a consensus vote after at least a 3 day comment period.
ruby Fri 6 Dec 2024 5:04AM
@sirocyl Haha Oops. fixed
sirocyl Fri 6 Dec 2024 5:04AM
ty \o
Item removed
sirocyl Fri 6 Dec 2024 5:24AM
I think the "refrain to access" provision (Duties 6) should be fleshed out a bit more, in terms of information security best-practices, principles and coordinating procedures.
ruby Fri 6 Dec 2024 2:02PM
@sirocyl Do you (or anyone else) have any prior art I'd be able to draw from, in terms of what should be added there?
ruby Sun 8 Dec 2024 11:11AM
I've added an additional paragraph to the Rationale section, to make clear that Keyholders are no more important/powerful than Stewards in matters of governance.
While Keyholders are trusted with access to more of the Website League’s infrastructure, this should not elevate them beyond the status of any other Steward in governance. The purpose of the Keyholder role is to ensure smooth operation of central League services, and to minimize the attack surface of those services by granting access to as few people as possible. Keyholders are not to be viewed as “above” Stewards in any sense, and Keyholders must not abuse their elevated access to attempt to subvert, disrupt, or overrule League governance processes.
ruby Tue 10 Dec 2024 1:49AM
Some additional changes have been made, after discussion on Coordination (relevant thread):
- Include the Gitlab organization and Google account hosting our shared Google Drive under Access
- Clarify that only Stewards are eligible for Keyholder responsibilities
- Define a process for Keyholders to temporarily step down from their roles if necessary
Poll Created Tue 10 Dec 2024 4:30AM
Responsibilities and Processes for Website League Keyholders Closed Wed 11 Dec 2024 12:04AM
I am cancelling this vote, due to the inability of stewards outside of the Governance Working Group to vote on this proposal. I'll move this proposal into the main Stewardship group and reopen this vote, so that all stewards are able to vote on it. If you already voted here, you'll have to vote again in the new poll once it's created - apologies for the inconvenience.
Please provide your proposal below.
https://docs.google.com/document/d/1dn3gQ5BHvBDTwA6WJcdMq7dCy0rxkyuSck0ut2f1iJ4/edit
For this proposal to pass, two-thirds of group membership must vote and there must be no major objections. While you are not obliged to provide a reasoning for anything besides a major objection, it may be helpful to others to explain why you support, have reservations with, or must stand aside from a proposal.
Results
| Results | Option | % of points | Voters | |
|---|---|---|---|---|
|
|
Endorse | 16.7% | 1 |
|
| No objection | 83.3% | 5 |
|
|
| Minor objection | 0.0% | 0 | ||
| Stand aside | 0.0% | 0 | ||
| Abstain | 0.0% | 0 | ||
| Major objection | 0.0% | 0 | ||
| Undecided | 0% | 2 |
|
6 of 8 people have participated (75%)
sirocyl
Tue 10 Dec 2024 4:30AM
There's some "TBD"/WIP language in there but I'm good with the overall shape of it
sirocyl · Fri 6 Dec 2024 5:01AM
the linked proposal is the old DMG procedures Prop #4