Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Pine W
Regarding "Mandatory code review (especially with a required waiting time) and mandatory reauthentication are far more invasive than removing JS editing permissions from administrators who don't want them.": I think that mandatory code review and mandatory authentication would be far less

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Gergő Tisza
On Tue, Jun 12, 2018 at 8:56 AM Federico Leva (Nemo) wrote: > Personally I'd like us to explore agnostic and non-invasive solutions. > Mandatory code review (especially with a required waiting time) and mandatory reauthentication are far more invasive than removing JS editing permissions from

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Gergő Tisza
On Tue, Jun 12, 2018 at 3:26 AM Nathan wrote: > Is the risk of an attacker taking over an account with CSS/JS edit > permissions any more or less because that person knows how to use CSS/JS? > I tried to address this in the FAQ: > * The number of accounts which can be used to compromise the

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Federico Leva (Nemo)
Personally I'd like us to explore agnostic and non-invasive solutions. The subdivision of permissions across more user groups relies on a number of assumptions which may not hold. For instance, on thousands of MediaWiki wikis there's only one sysop anyway. Something I would like is the

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Pine W
On Mon, Jun 11, 2018 at 6:26 PM, Nathan wrote: > Is the risk of an attacker taking over an account with CSS/JS edit > permissions any more or less because that person knows how to use CSS/JS? > If the criteria will be that only people who know how to use CSS/JS will > get access to make those

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Nathan
Is the risk of an attacker taking over an account with CSS/JS edit permissions any more or less because that person knows how to use CSS/JS? If the criteria will be that only people who know how to use CSS/JS will get access to make those edits, I'm not sure that is perfectly tailored to the need

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Pine W
I tend to agree with Steven's comments. I think that requiring review would, as he said, be less costly to implement in terms of the amount of volunteer time spent on managing permissions. I think that there would also be less time spent discussing and redesigning social processes than there

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Gergo Tisza
On Mon, Jun 11, 2018 at 6:02 PM Steven Walling wrote: > I'm definitely supportive of greater security for sitewide JS/CSS, but > Bart's proposal is an interesting one. (Sorry for top posting, on mobile) > > What if we required review of edits to JS/CSS in the MediaWiki namespace > (not in other

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Pine W
Apologies for the typos. Speaking of being thoughtful, perhaps I should be more careful when typing on mobile devices. Pine ( https://meta.wikimedia.org/wiki/User:Pine ) Original message From: Pine W Date: 6/11/18 1:42 PM (GMT-08:00) To: Wikimedia developers Subject: Re:

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Pine W
Hi Gergő, I think that your proposal makes sense and would be good for the community to consider in an RfC. Because this could involve complex wikilegal changes to how Wikimedia sites assign user permissions, and presently unforseen side effects, I think that the RfC should be translated into a

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Steven Walling
I'm definitely supportive of greater security for sitewide JS/CSS, but Bart's proposal is an interesting one. (Sorry for top posting, on mobile) What if we required review of edits to JS/CSS in the MediaWiki namespace (not in other namespaces), ala pending changes or something similar? We require

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Bart Humphries
" I remember a situation when I posted a fix for a script in the MediaWiki namespace as an {{edit request}}, and a well-meaning administrator tried to "improve" my line of code and forgot a comma, breaking all JavaScript for all logged-in as well as not logged-in Wikipedia editors and readers for

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Petr Bena
Speaking of security, I believe that all sysops and people allowed to edit JS / CSS anywhere on mediawiki sites should be required to use 2FA. On Mon, Jun 11, 2018 at 4:53 PM, Gergo Tisza wrote: > On Mon, Jun 11, 2018 at 3:28 PM Petr Bena wrote: > >> Is there any historical evidence that sysops

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Gergo Tisza
On Mon, Jun 11, 2018 at 3:28 PM Petr Bena wrote: > Is there any historical evidence that sysops being able to edit JS / > CSS caused some serious issues? Your point that "most of > administrators don't understand JS / CSS" is kind of moot. They are > usually trustworth and intelligent people.

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Petr Bena
OK in that case I think this should be done. On Mon, Jun 11, 2018 at 3:40 PM, Thiemo Kreuz wrote: >> Is there any historical evidence that sysops being able to edit JS / CSS >> caused some serious issues? > > Oh yes, this happens more often than I feel it needs to. I remember a > situation when

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Thiemo Kreuz
> Is there any historical evidence that sysops being able to edit JS / CSS > caused some serious issues? Oh yes, this happens more often than I feel it needs to. I remember a situation when I posted a fix for a script in the MediaWiki:… namespace as an {{edit request}}, and a well-meaning

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Bartosz Dziewoński
On 2018-06-11 15:28, Petr Bena wrote: Is there any historical evidence that sysops being able to edit JS / CSS caused some serious issues? Your point that "most of administrators don't understand JS / CSS" is kind of moot. They are usually trustworth and intelligent people. They don't mess up

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-11 Thread Petr Bena
Is there any historical evidence that sysops being able to edit JS / CSS caused some serious issues? Your point that "most of administrators don't understand JS / CSS" is kind of moot. They are usually trustworth and intelligent people. They don't mess up with something they don't understand and