No, that's not what I'm suggesting. I needed to re-read my comments before
I realized that they could be read the way that you seemed to have done,
and I apologize if I was unclear. If an admin account becomes compromised,
the current procedures for locking that account would apply.
A use of superprotect could be to protect certain pages or settings against
actions stemming from the hypothetical but possible scenario that an admin
account is compromised.
I hope that I've made my position clear now. I think that I've spoken my
share in this thread, so my intent is to be quiet for the moment so that
others can have airtime. If you have additional questions for me about this
thread, please contact me off list.
On Aug 13, 2015 6:54 AM, "MZMcBride" <z(a)mzmcbride.com> wrote:
Pine W wrote:
*Superprotection by stewards of legally or
technically sensitive pages, to
prevent damage caused by a hijacked admin account. The theory here is that
admin accounts are more numerous than steward accounts, so the liklihood
of a successful admin account hijack may be higher. Superprotection would
proactively limit possible damage. Admins doing routine maintenance work,
or taking actions with community consent, could simply make a request for
a temporary lift of superprotect by a steward or ask a steward to make an
*Upon community request, superprotection of pages by a steward where those
pages are the subject of wheel-warring among local admins.
*Superprotection of a page by a steward for legal reasons at the request
of WMF Legal, for example if a page is the subject of a legal dispute and
normal full protection is inadequate for some compelling reason.
"And nobody should be in the business of trying to retroactively justify
this misfeature's existence, in my opinion."
I'm pretty horrified to see that you completely ignored this and instead
decided to continue raising completely implausible and absurd scenarios.
In the case of a compromised admin account, did you seriously just suggest
that stewards would try to go around randomly super-protecting pages
instead of simply removing admin rights from the compromised account? I'm
boggling pretty hard at your reply here.
Wikimedia-l mailing list, guidelines at: