You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Help:Toolforge/Rules: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Dvorapa
m (sort)
imported>BryanDavis
(→‎Toolforge rules: add some Template:Anchor tags for deep linking)
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<noinclude>{{Template:Toolforge nav}}</noinclude>
<noinclude>{{Template:Toolforge nav}}</noinclude>
== Overview ==
This page contains information about the rules that govern Toolforge use.
== Toolforge rules ==
As part of Wikimedia Cloud Services, Toolforge is subject to the general [[Wikitech:Cloud Services Terms of use|Cloud Services Terms of use]], and is governed by the following additional rules:
As part of Wikimedia Cloud Services, Toolforge is subject to the general [[Wikitech:Cloud Services Terms of use|Cloud Services Terms of use]], and is governed by the following additional rules:


# '''All code''' run in the Tools project must be of benefit to the Wikimedia movement.
# {{Anchor|rule_1}}'''All code run in the Tools project must be of benefit to the Wikimedia movement.'''
#:Using resources for ''any'' other reason is considered abuse and may result in a loss of access.  This ban does include, but is not limited to, all mining for cryptographic currencies.  This class of activity also falls under the [[Wikitech:Cloud Services Terms of use#What_uses_of_Cloud_Services_do_we_not_like?|Prohibited Uses]] section of the [[Wikitech:Cloud Services Terms of use|TOU]].
#:Using resources for ''any'' other reason is considered abuse and may result in a loss of access.  This ban does include, but is not limited to, all mining for cryptographic currencies.  This class of activity also falls under the [[Wikitech:Cloud Services Terms of use#What_uses_of_Cloud_Services_do_we_not_like?|Prohibited Uses]] section of the [[Wikitech:Cloud Services Terms of use|TOU]].
# '''All code in the Tools project must be published under an [http://opensource.org/licenses OSI approved] open source license'''
# {{Anchor|rule_2}}'''All code in the Tools project must be published under an [https://opensource.org/licenses OSI approved] open source license'''
#: The absence of a license means that default copyright laws apply. Without a clear license you are implicitly claiming copyright without providing an explanation of the rights you are willing to grant to others who wish to use or modify your software. This means that you retain all rights to your source code and that nobody else may reproduce, distribute, or create derivative works from your work until standard copyright lapses. In the United States today that means until 70 years after your death. This is counter to the general principles of the Wikimedia movement.
#: The absence of a license means that default copyright laws apply. Without a clear license, you are implicitly claiming copyright without providing an explanation of the rights you are willing to grant to others who wish to use or modify your software. This means that you retain all rights to your source code and that nobody else may reproduce, distribute, or create derivative works from your work until standard copyright lapses. In the United States today that means until 70 years after your death. This is counter to the general principles of the Wikimedia movement.
# '''Do not use your personal account for noninteractive use'''
# {{Anchor|rule_3}}'''Do not use your personal account for noninteractive use'''
#:Any process intended to keep running while you are not actively interacting with it (e.g., through a detached <code>screen</code> session, as a background process, or through <code>cron</code>) must be run through a [[Help:Toolforge#Tool_Accounts|tool account]], and not your personal account.
#:Any process intended to keep running while you are not actively interacting with it (e.g., through a detached <code>screen</code> session, as a background process, or through <code>cron</code>) must be run through a [[Help:Toolforge#Tool_Accounts|tool account]], and not your personal account.
# '''Do not run noninteractive processes on the bastion servers'''
# {{Anchor|rule_4}}'''Do not run noninteractive processes on the bastion servers'''
#:Likewise, any process meant to execute without direct interaction should be submitted to the [[Help:Toolforge/Grid|grid]] (e.g. via <code>jsub</code> or <code>webservice</code>) and not run directly on the login hosts. It is permissible to run ''lightweight'' processes (such as submitting a job, or rotating logs), but for anything that runs for more than a few seconds or consumes large amounts of resources the job grid or Kubernetes should be used. Processes running on the bastion servers are subject to termination without notice.
#:Likewise, any process meant to execute without direct interaction should be submitted to the [[Help:Toolforge/Grid|job grid]] (e.g. via <code>jsub</code> or <code>webservice</code>) or the [[Help:Toolforge/Kubernetes|Kubernetes cluster]] and not run directly on the login hosts. It is permissible to run ''lightweight'' processes (such as submitting a job, or rotating logs), but for anything that runs for more than a few seconds or consumes large amounts of resources the job grid or Kubernetes should be used. Processes running on the bastion servers are subject to termination without notice.
# '''Do not run wikis or user-contributed content sites with open registration'''
# {{Anchor|rule_5}}'''Do not run wikis or user-contributed content sites with open registration'''
#:Spambots are very good at finding and flooding wikis, forums and other forms of user-contributed content sites to hammer with their crud.  Tools that allow end-users to post content should limit posting to registered users that have been validated in some generally reliable manner (either by human verification, by checking against the user being a project member, or using [[Mediawikiwiki:Help:OAuth|OAuth]]).
#:Spambots are very good at finding and flooding wikis, forums and other forms of user-contributed content sites to hammer with their crud.  Tools that allow end-users to post content should limit posting to registered users who have been validated in some generally reliable manner (either by human verification, by checking against the user being a project member, or using [[Mediawikiwiki:Help:OAuth|OAuth]]).
# '''Do not provide direct access to Cloud Services resources to unauthenticated users'''
# {{Anchor|rule_6}}'''Do not provide direct access to Cloud Services resources to unauthenticated users'''
#:For instance, do not allow web clients to issue shell commands or arbitrary SQL queries against the databases. Cloud Services resources are shared and limited, and it must be possible to attribute usage to specific LDAP users who are bound to the terms of use. Toolforge admin vetted Tools that include substantial anti-abuse and attribution information, such as [[PAWS]] and [[Portal:Data_Services#Quarry|Quarry]], are allowed.
#:For instance, do not allow web clients to issue shell commands or arbitrary SQL queries against the databases. Cloud Services resources are shared and limited, and it must be possible to attribute usage to specific LDAP users who are bound to the terms of use. Toolforge admin vetted Tools which include substantial anti-abuse and attribution information, such as [[PAWS]] and [[Portal:Data_Services#Quarry|Quarry]], are allowed.
<noinclude>
<noinclude>
{{:Help:Cloud Services communication}}
== See also ==
== See also ==
* [[Help:Toolforge/Abandoned_tool_policy|Abandoned tool policy]]
* [[Help:Toolforge/Abandoned_tool_policy|Abandoned tool policy]]
Line 20: Line 30:
* [[Help:Toolforge/Toolforge_standards_committee|Toolforge standards committee]]
* [[Help:Toolforge/Toolforge_standards_committee|Toolforge standards committee]]


[[Category:Toolforge policies| ]]</noinclude>
[[Category:Toolforge| Rules]]
[[Category:Documentation]]
[[Category:Cloud Services]]
[[Category:Toolforge policies]]

Latest revision as of 16:40, 18 August 2022

Overview

This page contains information about the rules that govern Toolforge use.

Toolforge rules

As part of Wikimedia Cloud Services, Toolforge is subject to the general Cloud Services Terms of use, and is governed by the following additional rules:

  1. All code run in the Tools project must be of benefit to the Wikimedia movement.
    Using resources for any other reason is considered abuse and may result in a loss of access. This ban does include, but is not limited to, all mining for cryptographic currencies. This class of activity also falls under the Prohibited Uses section of the TOU.
  2. All code in the Tools project must be published under an OSI approved open source license
    The absence of a license means that default copyright laws apply. Without a clear license, you are implicitly claiming copyright without providing an explanation of the rights you are willing to grant to others who wish to use or modify your software. This means that you retain all rights to your source code and that nobody else may reproduce, distribute, or create derivative works from your work until standard copyright lapses. In the United States today that means until 70 years after your death. This is counter to the general principles of the Wikimedia movement.
  3. Do not use your personal account for noninteractive use
    Any process intended to keep running while you are not actively interacting with it (e.g., through a detached screen session, as a background process, or through cron) must be run through a tool account, and not your personal account.
  4. Do not run noninteractive processes on the bastion servers
    Likewise, any process meant to execute without direct interaction should be submitted to the job grid (e.g. via jsub or webservice) or the Kubernetes cluster and not run directly on the login hosts. It is permissible to run lightweight processes (such as submitting a job, or rotating logs), but for anything that runs for more than a few seconds or consumes large amounts of resources the job grid or Kubernetes should be used. Processes running on the bastion servers are subject to termination without notice.
  5. Do not run wikis or user-contributed content sites with open registration
    Spambots are very good at finding and flooding wikis, forums and other forms of user-contributed content sites to hammer with their crud. Tools that allow end-users to post content should limit posting to registered users who have been validated in some generally reliable manner (either by human verification, by checking against the user being a project member, or using OAuth).
  6. Do not provide direct access to Cloud Services resources to unauthenticated users
    For instance, do not allow web clients to issue shell commands or arbitrary SQL queries against the databases. Cloud Services resources are shared and limited, and it must be possible to attribute usage to specific LDAP users who are bound to the terms of use. Toolforge admin vetted Tools which include substantial anti-abuse and attribution information, such as PAWS and Quarry, are allowed.


Communication and support

Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:

Discuss and receive general support
Receive mail announcements about critical changes
Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
Track work tasks and report bugs
Use the Phabricator workboard #Cloud-Services for bug reports and feature requests about the Cloud VPS infrastructure itself
Learn about major near-term plans
Read the News wiki page
Read news and stories about Wikimedia Cloud Services
Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)

See also