On Feb 4, 2008 10:40 AM, Philip Sandifer snowspinner@gmail.com wrote:
On Feb 4, 2008, at 8:49 AM, Steve Bennett wrote:
Erm. So, any admin can delete the main page just by editing a page in the MediaWiki namespace first? So Tim's hack basically serves only to prevent accidental or other non-malicious deletion.
It's probably also security against hijacked administrator accounts, actually - it certainly seems like most of our account hijackers are not particularly knowledgeable about how MediaWiki works, or they'd do far more clever things than they do.
But it's not very good security against them. It means that their obvious first action (go to Wikipedia, look around for fun things to abuse, see "delete" button, click) is stymied, sure, but that just makes them more obnoxious to track down. It will take a lot longer to notice and they could do considerably more annoying damage than causing the Main Page to vanish for a couple of minutes. Sysops who start deleting a small number of random not-so-large pages (since they can't delete pages with too many revisions) aren't necessarily going to be desysopped immediately.
I think a better idea would be to have the plugin not just block the attempt, but also desysop them with a helpful message and log entry. If it was a mistake -- well, no harm done, they can just explain to a bureaucrat or steward and get their sysop rights back within half an hour, probably. If it was malicious -- there goes any ability to cause much damage.
This feature seems like it would be best to reserve for wikis that ask for it, either way (but especially if it does desysopping!). The prohibition against moving will be especially likely to confuse wikis that actually want to change their main page for some reason.
And this should also be made a proper extension. Currently, in particular, it doesn't seem like it's internationalized, or conceivably could be.