Meta:Requests for comment/Create a 2FA tester local meta usergroup

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
An editor has requested comments on the issue described below. Please feel free to share your thoughts.

Statement of the issue[edit]

Per Meta:Requests_for_comment/Enable_2FA_on_meta_for_all_users and a short discussion on babel which some users feedback to me that RFC is more appropriate so here we are.

The group to be set up is 2FA Tester group. Group rights are oauth-enable . The propose place of granting of the rights is still SRGP RFH. Initially there will be a message at SRGP to redirect these requests to RFH. All meta sysops and stewards will be given access to grant /revoke the rights.

As of the global group, it can be either depreciated / remain but not granted. The 1st option will reduce confusion, but existing 2FA testers need to switch over and we need to do some work locally / globally. For 2nd option, there may be some confusion but easier in administering.

The scope of this RFC is then 2 parts

  1. Support this usergroup / oppose this usergroup
  2. Depreciate the global group / having it alongside

Hope for your feedback and thanks.--Camouflaged Mirage (talk) 11:56, 20 February 2020 (UTC)


There would be no need to bother SRGP for this, stewards don't need to act when local volunteers can, so using RFH should suffice. — xaosflux Talk 14:31, 20 February 2020 (UTC)

@Xaosflux: The reason why I say SRGP is that SRGP have better record keeping as well as the fact that I don't want too much tethering problem of users don't know where to request the right. I don't mind RFH too.--Camouflaged Mirage (talk) 14:34, 20 February 2020 (UTC)
The only record keeping this should need would be a link in the rights log, that can be done with PermaLinks. At least initially we could put a link on SRGP to RFH for anyone following old links. — xaosflux Talk 14:38, 20 February 2020 (UTC)
Fair enough, shall change it accordingly. Thanks for the suggestion.--Camouflaged Mirage (talk) 14:39, 20 February 2020 (UTC)
  • Support Support Yes, let's take a load off the stewards. I support this usergroup and depreciating the global group, as it would be redundant. ~riley (talk) 17:15, 20 February 2020 (UTC)
  • Support Support but the name of the group should be just "2FA" or "two-factor authentication". The testing ended long ago. Ruslik (talk) 18:27, 20 February 2020 (UTC)
    Probably should be something like oathauth-user, and we can localize it then. — xaosflux Talk 18:35, 20 February 2020 (UTC)
    I'd also be in favor of adding strong warnings to the page, like in the examples I put on the other RFC. — xaosflux Talk 18:36, 20 February 2020 (UTC)
  • Oppose Oppose: reasons. —MarcoAurelio (talk) 18:58, 20 February 2020 (UTC)
  • Oppose Oppose Largely per MA. A clearer need and rationale for this change is required. – Ajraddatz (talk) 19:24, 20 February 2020 (UTC)
  • Support Support, per ~riley and Ruslik0. —Sgd. Hasley 23:01, 20 February 2020 (UTC)
  • GA candidate.svg Weak support shouldn't deprecate the global ones as this one is locally activated (if possible) but there are 2 opinions by stewards (we are not swamped by request vs we are just a rubber stamper).--AldnonymousBicara? 09:48, 21 February 2020 (UTC)
  • Support Support --Novak Watchmen (talk) 21:12, 26 February 2020 (UTC)