Volunteer NDA

From Wikitech

Privileged Phabricator access

Some tasks in Phabricator (mainly those in the WMF-NDA project) require access to private or protected data.

For this reason, anyone being granted these types of permissions needs to sign a non-disclosure agreement (NDA) with the Wikimedia Foundation. All Wikimedia Foundation employees are covered by an NDA they sign when hired. The rest of our contributors must sign a specific volunteer NDA directly with Legal via a ticket tagged with "WMF-NDA-requests". Please note that volunteers requesting server access must follow the Requesting shell access NDA process instead.

Interested? Follow this process:

Create a request

Create a task in Phabricator under the WMF-NDA-Requests project with the following data:

  • A list of permissions requested and the reasoning behind your request
  • It is better to explain your use case and needs than it is to ask for specific permissions
  • Wikimedia Foundation employees supporting your request (CCed)

Any progress will be communicated in this task.

Get support

In order to move forward we will need:

  • At least one comment of support from a Wikimedia Foundation employee, explaining why it is a good idea to accept your request
  • A comment of approval from one Wikimedia Foundation manager (usually the manager of an employee supporting you).
  • After that, ask in the Phabricator task to make you a member of the "WMF-NDA" project.
  • In the task you will be instructed where to send an email to follow through the process with the Legal team. Once done they will add a comment to the Phabricator task that you have signed the NDA.
    • Note in order to sign this agreement, you must be at least 18 years old. In rare circumstances, WMF, in consultation with the legal team, may grant an exception for someone who is at least 16 years old.
  • (Have someone with access double-check the internal Google doc for NDA holders to check if you have been added.)
    • Note: this access is limited only to WMF's Legal, Phabricator administration, and SRE teams.
  • (Have someone with access add you to the list of members of the Phabricator WMF-NDA project.)

Welcome to the NDA club!

After checking that your acceptance of the online agreement is in place, you will be added to the WMF-NDA project and you will be granted the permissions requested. The task you created will be closed as Resolved.

  • Special note: Employees do need to sign an NDA with legal when they leave WMF. This must be signed for their access to confidential data to remain.

Privileged LDAP or shell access

Volunteers who are seeking access to a service requiring privileged LDAP access (listed here: LDAP/Groups) or who wish to obtain shell access to the production cluster need to sign a NDA with the Wikimedia Legal department. It's managed digitally via software called Cobblestone.

Interested? Follow this process:

Create a request

Create an "SRE-Access-Requests" task in Phabricator with the following information:

  • A list of permissions requested and the reasoning behind your request
  • It is better to explain your use case and needs than it is to ask for specific permissions
  • Wikimedia Foundation employees supporting your request (CCed)

Any progress will be communicated in this task.

Get support

In order to move forward we will need:

Get access

  • A member of the SRE team will pick up your request (these are assigned on a weekly rotation) and contact the Legal department of the Wikimedia Foundation.
  • They'll reach out to you and prepare an NDA which you then need to sign
  • When that has been confirmed, the SRE will grant you shell access or add you to the cn=nda LDAP group
Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Volunteer_NDA&oldid=2170935"