I think they should be de-sysopped - they've put the project at massive
risk..
-----Original Message-----
From: wikipedia-l-bounces(a)Wikimedia.org
[mailto:wikipedia-l-bounces@Wikimedia.org] On Behalf Of Alphax (Wikipedia
email)
Sent: 03 February 2006 03:52
To: wikipedia-l(a)Wikimedia.org
Subject: Re: [Wikipedia-l] Re: [Wikitech-l] Password security
Walter Vermeir wrote:
Andrew Gray <shimgray@...> writes:
It strikes me that announcing in advance
"Hey, guys, a number of
accounts INCLUDING n SYSOPS have blank passwords and can easily be
taken over..", then not fixing it for a while, is a recipe for
disaster. It's not that hard to generate a list of users with admin
privileges, and presumably neither is it impossible to write a short
script to try 800 logins...
But there can not be many sysop or higher accounts with no password (I
hope).
Using no password, especially when you are sysop is highly
irresponsible and those users should be de-sysoped.
When there are no accounts left that are anything else then normal
users then blank password could be enabled again for 2 weeks or so to
give those users the time to pick a password.
How can users who have no access anymore to there account regain access
Brion?
Make a bugzilla ticket?
There are certainly sysops on en: who don't have email addresses entered
- should /they/ be desysopped?
There are certainly plenty of people who haven't entered email addresses,
and complain "I've lost my password, can you reset it for me"
- but how can we be sure that they are the owner of the account, if they
never entered an email address?
One solution, possibly not the best, is to force people to enter an email
address, and send an "activation token" to that address. At present email is
the only way people have of recovering passwords; we need to either give
them another way, or make email part of the signup process.
--
Alphax -
http://en.wikipedia.org/wiki/User:Alphax
Contributor to Wikipedia, the Free Encyclopedia "We make the internet not
suck" - Jimbo Wales Public key:
http://en.wikipedia.org/wiki/User:Alphax/OpenPGP