Regarding "Mandatory code review (especially with a required waiting time) and 
mandatory reauthentication are far more invasive than removing JS editing 
permissions from administrators who don't want them.": I think that mandatory 
code review and mandatory authentication would be far less costly and far 
faster to implement in terms of volunteer time spent redesigning social 
processes and managing permissions. These options both sound good to me.

In the longer term, I am thinking about how to implement a new permission as 
you suggest. The more that I think about it, the more that I believe that it 
could be done with less time cost to volunteers than I originally was dreading. 
For example, the new permission could be locally assignable by stewards upon 
community request, similar to bureaucrat permissions. A month-long RFC with 
adequate translations would likely be sufficient to surface most major 
unintended side effects and to surface suggestions for design modifications.

Regarding "I feel most people don't appreciate how *extremely* scary the 
current situation is. The public backlash around the Seigenthaler affair was 
sparked by Wikipedia carelessly causing harm to a single individual. It would 
be child's play compared to what would happen if a few ten thousand people had 
their bank accounts cleaned, or a few dozen opposition members arrested by the 
secret police, or something like that, because Wikipedians decided security 
improvements were not worth the effort of moving users from one group to 
another.": unless I have overlooked something, there seems to be consensus in 
this thread that changes are worth considering, and people are discussing which 
changes to make and in what order. People are trying to be helpful, and please 
keep that in mind.

( )
Wikitech-l mailing list

Reply via email to