I tend to agree with Steven's comments. I think that requiring review would, as 
he said, be less costly to implement in terms of the amount of volunteer time 
spent on managing permissions. I think that there would also be less time spent 
discussing and redesigning social processes than there would be if the existing 
admin permissions are split and communities must decide who should get which 
level of admin permissions.
In terms of engineering time, implementing a review process might be more 
costly, but given the significantly lower cost of social implementation to 
volunteers, I think that this option would be my first choice in the short 

( https://meta.wikimedia.org/wiki/User:Pine )
-------- Original message --------From: Gergo Tisza <gti...@wikimedia.org> 
Date: 6/11/18  3:11 PM  (GMT-08:00) To: Wikimedia developers 
<wikitech-l@lists.wikimedia.org> Subject: Re: [Wikitech-l] Please comment on 
the draft consultation for
  splitting the admin role 
On Mon, Jun 11, 2018 at 6:02 PM Steven Walling <steven.wall...@gmail.com>

> I'm definitely supportive of greater security for sitewide JS/CSS, but
> Bart's proposal is an interesting one. (Sorry for top posting, on mobile)
> What if we required review of edits to JS/CSS in the MediaWiki namespace
> (not in other namespaces), ala pending changes or something similar? We
> require code review in Gerrit, so why not sitewide code in the wiki?
> I propose this because if we split code editing rights into a separate
> userright, this entails increased process bloat for managing who and who
> doesn't get the right, the criteria for deciding that, and so on. Requiring
> code review would allow for more flexibility while increasing security. It
> would require less process bloat too because the community already has
> mechanisms for requesting edits be confirmed via talk pages and such.

That's a good way to improve security, but orthogonal to separating
permissions (it would probably mean that an attacker would have to find two
vulnerable accounts, while this change will reduce the pool of accounts an
attacker could target; both make attacks harder, in different ways). No
reason not to do both, but separating permissions is (relatively) easy and
a review system is more like something on the scale of FlaggedRevs.

If you are interested, https://phabricator.wikimedia.org/T71445 has plenty
of discussion on code review for gadgets;
https://phabricator.wikimedia.org/T187749 is a variant of it I'm working on.
Wikitech-l mailing list
Wikitech-l mailing list

Reply via email to