On 11/08/14 21:49, Brad Jorsch (Anomie) wrote:
On Mon, Aug 11, 2014 at 2:01 PM, John Mark Vandenberg
<jayvdb(a)gmail.com>
wrote:
Now, the devs/ops have attempted to introduce
that capability, and the
new functionality is very likely riddled with holes, some of which
MZMcBride has suggested in the thread 'Options for the German
Wikipedia'.
Most of what MZMcBride posted there has nothing to do with actually
breaking superprotection. Editing a page that isn't superprotected isn't a
break in the protection feature itself, for example. Nor is hacking
people's accounts.
Right, we (devs) weren't asked to prevent admins from disabling
MediaViewer, we were only asked to make it possible to protect pages
in the MediaWiki namespace such that ordinary admins couldn't edit
them. I understood the feature request as introducing a more gradual
escalation path, it wasn't an attempt to directly achieve a particular
goal.
John Mark Vandenberg wrote:
> These patches only introduce a new policy,
> signalling a new era, and make it technically more challenging to
> bypass that new policy. The policy written says "Sysops are not
> allowed to inject JavaScript into the reader's user-agent which
> interferes with WMF's favoured features."
Erik was very clear about this policy change in his first email to
this thread.
-- Tim Starling