The event that triggered the drafting of this policy was the request from Wikimedia Deutschland to have new hires be added to the mediawiki group immediately. According to this policy, that would not be the case: WMDE hires would still have to go through the request process to get +2 on core. Is this intentional? I seem to recall that there was agreement that it would be ok to have staff of trusted orgs get +2 per default. The alternative would be to include the wmde group in the mediawiki group, but I would advise against this - WMDE may want to grant access to their own stuff to a volunteer, without granting access to *everything*. Also, WMF may withhold access to core from specific people who work at WMDE, while still allowing them to be a member of the WMDE group, and have +2 on repos managed by WMDE.
Topic on Talk:Gerrit/Privilege policy
That's not how I read it. New WM Deutschland employees would be automatically added to the wmde group, which by my interpretation of this document, is assumed to automatically have +2 on the whole mediawiki/ tree.
I don't see wmde listed in https://gerrit.wikimedia.org/r/admin/projects/mediawiki,access
@Nikerabbit is right wmde LDAP group is not yet included under mediawiki project.
My understanding was, that based on the new policy, as a next wmde group will be added there. This is a technicality, which I am not sure has not be made more explicit in the policy.
Regarding one point from @DKinzler (WMF): wmde LDAP group should only be for WMDE staff IMO. Same as wmf LDAP group is in my understanding for WMF staff only (with "staff" I also mean active contractors etc). for possible volunteer access, some other groups would be used etc. But this again seems to me be a detail, which is not really in the scope of the policy.
@Leszek Manicki (WMDE) originally, the idea was to make the WMDE group an "included" group of the MediaWiki group. However, this would make it impossible to have people in the WMDE group but not in the MediaWiki group. There have been cases in the past of WMDE staff being denied +2 on the mediawiki group, and that possibility should still exist.
Instead, the idea is to have a list of "associated" groups for trusted organizations, for which these organizations can request members to be added without the need for prior public discussion.
In effect, this means that WMDE staff can added to the mediawiki group per default at onboarding, but can also be removed from this group again without removing them from the WMDE group.