Rich Holton wrote:
If there are things that admins can do NOW that could cause us to have to roll-back two weeks, then there is an immediate problem NOW, not connected to any change in our selection procedure for admins. No selection procedure will be 99.98% effective, and the damage of attempting to achieve that is just too great.
Geni said "weeks of cleanup OR a rollback of the database", not both. I don't see what possible vandalism could require a rollback to a point before the vandalism actually started happening. The vandalism would have to be pretty stealthy to be ongoing for two weeks.
So, shall we remove the admin bit from anyone who admits to knowing how to cause such damage? Or shall we immediately take steps to make it so such damage is impossible?
Bit of a false dilemma there. Considering these methods of admin vandalism have been available for quite some time and I don't know of any actually being used, how about leaving things as they are?
I can think of an approach right off the top of my head to cause major havoc using my admin powers that I wouldn't be able to undo with any conventional tools. I've been an admin since mid 2002 and was at one point the most prolific human editor (before AWB came along, grumble mumble :) so hopefully I've got enough trust built up to avoid being de-admined for admitting this.