Στις 13-04-2012, ημέρα Παρ, και ώρα 12:49 +1000, ο/η Andrew Garrett έγραψε: > On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena <[email protected]> wrote: > > > > An account with sysop rights cannot do that much damage anyway. > > > Deleting a page does no more damage than deleting a paragraph in an > > > existent page, and the latter can be done by anybody; in fact, > > > deleting a page makes a lot more noise. The same goes for protection, > > > blocking and editing in the MediaWiki space - everything is easily > > > traceable and reversible, and in a functioning wiki community the > > > damage will be minimal. > > > > That isn't excuse to leave project open to damage. Security of > > mediawiki users and their accounts should be important for us anyway. > > > > Actually, this is the most important thing to think about. > > There is no such thing as perfect security. You just need to make it more > costly to breach security than the benefit that a hacker would get for it. > Conversely, you need to expend no more effort in security than the cost of > a breach in security. > > Now, there are things that sysops can do that aren't so easily reversible. > You could surreptitiously add site JS that captured tokens from checkusers > and released large amounts of sensitive data, so it's not exactly without > merit. But I don't think it's justifiable to dismiss discussion about > whether extra security is "worth it". >
If I wanted to cause harm to an editing community, one of the better ways might be to take over a few inactive sysop accounts and slowly start to push for policies and take actions that are divisive. The resulting damage to community trust would be hard indeed to undo; think back to the various infiltration programs of law enforcement into activist groups in the 1960's and 1970's in the U.S. for a prime example of this. I don't think this justifies automated de-sysopping of inactive accounts (because this also sends a message about trust or value to the account owner), but a notification system of some sort, as has been proposed earlier in this thread, might be nice. Ariel _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
