On 5/28/06, Steve Bennett stevagewp@gmail.com wrote:
On 5/28/06, Andrew Gray shimgray@gmail.com wrote:
Not that I'm sold on it, but if you're going down *that* avenue, just RFA in batches of twenty or thirty and hand out accounts en bloc...
I'm not sold either, but the debate should perhaps be had. There are basically three broad options:
1. "The borg" - all admins by default act through the same account. It is possible, but with difficulty, to determine who performed which administrative act.
   - Major problems of accountability of course.
2. "Pseudonyms" - each admin has an account used exclusively for administrative actions. At his discretion, he may disclose this link. Problems - maintaining the secrecy, convincing users that accountability is maintained, users having no idea of the history of each admin (where they suddenly came from...)
3. As current - problems: targetability, admins having more sway than is reasonable when acting outside their role (e.g., content disputes) etc.
Comments and opinions pls.
This proposal doesn't seem to have any advantages that I can see, but I can think of one or two major ones.
If you can't tell the identity of the person who performed an administrator action, then there's no way to detect administrators who abuse their powers to gain advantage during a content dispute.
If you have the "borg" solution then it becomes very difficult even for the system to track who actually performed which sysadmin action.
If instead you have a shadow admin account for each admin user, we're back where we started, but with the disadvantage that we can't see anything about an admin except his admin actions. I cannot see what possible good such concealment could do. Administrators need to be accountable. We need to see who is up to what.