https://bugzilla.wikimedia.org/show_bug.cgi?id=55718
--- Comment #8 from MZMcBride <[email protected]> --- (In reply to comment #7) > (In reply to comment #6) >> From the revision tag, we can see that the edit was made via an OAuth >> application. How do you prove or disprove that this application was >> authorized to make an edit on your behalf? > > Because if it wasn't then it couldn't have made the edit? It's like asking > how you prove or disprove that someone had the user right to delete a page > that > they deleted. Surely I needn't be the one to point out that all user groups changes are logged in MediaWiki core (cf. [[Special:Log/rights]]). :-) > A better example, perhaps, would be if you wanted to be able to audit when > exactly you gave that app permission to make edits on your behalf. Sure, human memory being notoriously fickle is another great reason to keep a log. I nearly mentioned this above, but forgot. (-; I think logging privilege escalation and de-escalation is an obvious feature to include, though I can't do more than shrug at some of the responses on this bug report. I think time and experience will bear me out on this one. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
