G'day John,
While I agree with all that you've said, I fear that for practical reasons, it would be impossible to cover up an action. As geni has noted on Wikipedia-l, often what happens instead is that the scandal becomes even bigger once it's revealed a controversial action was kept quiet -- something which, as we've just learnt, probably isn't going to be a rare occurrence. Security through obscurity isn't a very effective mechanism. I suggest creating a special board class of users (as others have proposed), so that ordinary admins can't wheel war with these users, or otherwise do anything liable to get us in trouble (i.e. view deleted revisions of a page deleted by a board user). Confronting the problem head on is a lot more effective than trying to prevent people from finding out about the problem -- with the latter, you either succeed greatly, or fail miserably. Security through obscurity won't work here, not as things stand.
That can work. Make Dannyisme one of these users, but leave Danny as it is. Make attempts to undo Dannyisme's actions show a message similar to the failed rollback error thingy.
On another note, I find it disturbing that some people (Kelly and Tony, mainly) appear to have missed the greater point here. Yes, we know -- doing something under WP:OFFICE draws trolls and real rouge admins to the article like moths to a flame. However, if due to this, we abandon WP:OFFICE altogether, what's the point? And even assuming that all admins have their heads screwed on the right way, and do ask Danny if he did this because of legal issues, how does this resolve anything? The rouge admins would still have the information they need.
Yes, but you mean "rogue". *You're* a rouge admin, but I'd never call you rouge ... unless the clarion call of McCarthyism grew too strong, of course. Grrrowl.
<snip />
All I'm saying is, we might need to go this far. But there are plenty of other possibilities yet to be explored. Let's accept the fact that trolls will buzz around WP:OFFICE protected articles, spreading their malicious lies. As James has noted, what's important is that we batten down the hatches and prevent any real damage from coming to Wikipedia. One way at least guaranteed to achieve something towards this end is to prevent board actions from being reverted, and to make the information related to them out of bounds to ordinary admins and editors. It's a lot better than being left in a situation where admins aren't even sure whether their next action (be it a simple query about something Danny did, or undoing a very questionable deletion) will get Wikipedia and/or the Foundation in deep shit.
I'm not sure we *can* be held responsible for the behaviour of WikiTruth. On the face of things (and I'm talking common sense here, not legal stuff, because we have a lawyer and he's not me), WikiTruth republishing defamatory or copyvio material is no different from any mirrors doing the same thing, from Wikipedia's point of view. In either case, the material is out there, there's nothing we can do about it, and we've already done our best to satisfy the victim.
'Course, the fact that one of our number (who, I understand, reads this mailing list --- hi, there!) is going out of his way to hurt other people as a perverted way of getting at us might mean something --- we can't even trust our own admins! But I dunno that it's worth panicking about --- anyone can get the info off a mirror, or save likely-to-be-deleted stuff ahead of time, or ... yeah.
I liked Phil Welch's suggestion (I note that WikiTruth don't) that anyone concerned about defamatory material being hosted on WikiTruth should be told to leave us the hell alone and go sue WikiTruth. After all, it's their fault and their problem.