On 11/08/14 21:49, Brad Jorsch (Anomie) wrote: > On Mon, Aug 11, 2014 at 2:01 PM, John Mark Vandenberg <[email protected]> > wrote: >> Now, the devs/ops have attempted to introduce that capability, and the >> new functionality is very likely riddled with holes, some of which >> MZMcBride has suggested in the thread 'Options for the German >> Wikipedia'. >> > > Most of what MZMcBride posted there has nothing to do with actually > breaking superprotection. Editing a page that isn't superprotected isn't a > break in the protection feature itself, for example. Nor is hacking > people's accounts.
Right, we (devs) weren't asked to prevent admins from disabling MediaViewer, we were only asked to make it possible to protect pages in the MediaWiki namespace such that ordinary admins couldn't edit them. I understood the feature request as introducing a more gradual escalation path, it wasn't an attempt to directly achieve a particular goal. John Mark Vandenberg wrote: >> These patches only introduce a new policy, >> signalling a new era, and make it technically more challenging to >> bypass that new policy. The policy written says "Sysops are not >> allowed to inject JavaScript into the reader's user-agent which >> interferes with WMF's favoured features." Erik was very clear about this policy change in his first email to this thread. -- Tim Starling _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[email protected]?subject=unsubscribe>
