Onboard gromit as Trusted User

Onboarding an Arch Linux team member

Details

• Team member username: @gromit
• Application: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/7PQAQ4QYQIHG4EKRYJRIVUVJRQ22MKFF/
• Voting result: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/message/AZG3HBZDESVFA6K55L5OW6RLDPSMEX3B/
• SSH public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6YsLTOo8SI57c8I0DAmdmB+6MxbH6gJepoCQ8vMSOsAprokaP4sw4m5d5mqjsHwxLcLE30bnIEDFIzSrOxCvhOX6Zi6dErUMUaOYhbcOTbKGhHUpLfQyh8jHJx1hbV0QrGL6tRU/aS/tDRbedeXpKusCaocltWllFJj8Fbaw4qb8HSWrJMXMfSlTQ+G78WkgMGvLSyOEbVKKOyYN+u7lA1GUt5/NOlujbmGBbLWAeaz65LegzP84SWMcCnFrN5ju/VNwWAi+kaxsIRikA8W36dtP4AO17IoarP9+efVpGeo517dW/1fvnCPqDmaaC7wwOhhGbJ/Yz2QK8kSFXJUT16Y2W5O7rH2KzitXIX/JkQAJlgkLfdH22ToyiSUZoG/RFpSxorpkdHIIZDkh5yuFQwPwukL1whks4CJncz3JVZEvJUey0utxNbVcmZ9Viq2BMrojJ3fCb58Aw7C81YM7q4dQiMCQ0Ks4osXAPDMLnPnh5OVMhr3vVDl/KOF/Ar4TFqagypOmdZbkNa2qOzJWBFRw9R8G6Q5U1c2d3GiRWfpHz4YTtGc6/d2WYJbnPL0/fx1+K/QS3FojZOTMXdDLST3XaOPhedJB99EXB4eE0W6Vy9/9Isb/YnGpTkgFvtW8+swoCW5SpgKbYrDo3IICt1N1ajb6JZqqGI3aHl1WepQ==
• Full Name: redacted
• Personal e-mail address: redacted
• PGP key ID used with personal e-mail address: 0xC047D4F328B52585
• Communication e-mail address: [arch]

All roles checklist

• Add user mail if TU or developer, or support staff and communication e-mail address is arch.
  • Add new user email as per docs/email.md.
  • Add entry in group_vars/all/archusers.yml.
    • If support staff hosts should be set to mail.archlinux.org.
    • homedir.archlinux.org is also allowed for support staff, but it is opt-in.
  • Add SSH pubkey to pubkeys/<username>.pub.
  • Run ansible-playbook -t archusers $(git grep -l archusers playbooks/ | grep -v phrik).
• Create a new user in archweb. Select the appropriate group membership and allowed repos (if applicable).
• Subscribe communication e-mail address to internal staff mailing list.
• Allow sending from communication e-mail address on arch-dev-public (subscribe and/or find address and remove moderation).
• Give the user access to #archlinux-staff on Libera Chat.
• Give the user a link to our staff services page.
• Replace the Team member username with the @-prefixed username on Gitlab.
• Remove personal information (such as Full Name and Personal e-mail address, as well as the clearsigned representation of this data), remove the description history and make the issue non-confidential.
• Request staff cloak on Libera Chat (Group contacts)

TU/Developer onboarding checklist

• Create an issue in archlinux-keyring using the "New Packager Key" template (archlinux-keyring#223 (closed)).
• Assign the user to the Trusted Users or Developers group on Keycloak.
• Assign the user to the Trusted Users or Developers group on archlinux.org.
• Subscribe communication e-mail address to internal arch-tu or arch-dev mailing list.
• Give the user access to #archlinux-tu or #archlinux-dev on Libera Chat.