Jump to content

Help:Toolforge/Abandoned tool policy

From Wikitech

The Toolforge Abandoned Tool policy helps to protect Wikimedia wikis from loss of a useful tool. It defines processes for:

  • Requesting to be added as co-maintainer of a tool which has no active maintainers (adoption)
  • Requesting removal of inactive maintainers in a tool they have adopted (usurpation)

The acts of adoption and usurpation are methods of last resort for restoring critical functionality for a Wikimedia community. It should not be necessary for any tool that is following the recommended best practice of multiple maintainers, public source code, and maintenance and operational documentation. It is not a process that can be used to resolve disagreements between co-maintainers or maintainers and the community over features, bugs, or upgrade timelines.

The key words must, must not, should, should not, and may in this document are to be interpreted as described in RFC:2119.

Adoption

A tool is considered abandoned and eligible for adoption by an interested maintainer when:

  1. Any of the following conditions are met:
    1. The tool must have been nonfunctional (no webservice/offline) for 14 days.
    2. The current tool maintainer(s) must not have been active in any Wikimedia project for 28 days.
  2. The current tool maintainer(s) must be notified via talk page post on Wikitech, and their home wiki (if known), and email (if available).
  3. The current tool maintainer(s) must not object to the addition within 14 days from their notification.

You can file a task using this link, and replace the TOOLNAME and LINKs as applicable.

None of the waiting and notification steps are needed if the only current maintainer of the tool is Owner of abandoned tools. These tools are assumed to have been voluntarily abandoned by their former maintainers. Only the phabricator task is needed in this case.

Prior to granting access to an adopting user, obvious secret information such as SUL account passwords, database passwords, and OAuth secrets should be removed from the tool's home directory. If secrets are not removed, the Toolforge Standards Committee must contact appropriate on-wiki communities such as WP:BAG and Stewards to ensure that they are informed of the forcible transfer of ownership of the existing credentials.

Usurpation

A tool is eligible for usurpation when:

  1. The tool must be adopted by the requesting maintainer following the adoption policy.
  2. The tool must be functional for at least 90 days following adoption.
  3. The tool must have at least 2 active maintainers.
  4. The tool must publish its source code using either Wikimedia's provided services or another public version control system.
  5. The tool must document basic installation and configuration steps needed to run a copy of the tool under another Toolforge shared account.
  6. The inactive maintainer(s) must be notified via talk page post on wikitech, their home wiki (if known), and email (if available).
  7. The inactive maintainer(s) must not object to their removal within 30 days from their notification.

Toolforge standards committee

The Toolforge standards committee is a group of Wikimedia volunteers who review, approve, and facilitate requests for adoption and usurpation of abandoned tools. The committee has the power to review the source code in a the tool's home directory and decide if obvious secret information such as SUL account passwords, database passwords, and OAuth secrets should be removed or not.

Committee membership

Members of the Toolforge standards committee must:

  • be active members in good standing of the Toolforge community
  • sign the Wikimedia Foundation's Volunteer NDA

Scope of policy

For the purposes of this policy, "Toolforge" is defined as the Tools project hosted in Cloud VPS and the software and services that it provides. This includes but is not limited to all software uploaded to or created within Toolforge by current and past Toolforge project members ("tool maintainers"). Services from other Wikimedia Cloud VPS projects and externally hosted services do not fall under the scope of this policy.

See also