On 9/30/05, Marco Chiesa <chiesa.marco(a)gmail.com> wrote:
We had recently a debate on this topic on it.wiki and
we rejected the
idea of confirm votation for sysops on the basis that there would be
always one reconfirm elecion going on (current election duration is 2
weeks on itwiki). Anyway, I suppose reasons why sysop wouldn't be
recofirmed could be inactivity (not a critical problem in the short term
IMHO) or abuse of sysop powers (which should be dealt ASAP).
The only real reason to desysop someone permanently is if they're
abusing the power, go crazy (This happened on EN wiktionary a few
weeks ago), or being fools. Inactive admins will not harm the project,
unless they suddenly come back and assume the rules have not changed
in the six months they were gone. I've heard people saying it's a
security problem, but I think the more visible admins are more likely
to be security reasons.
Additionally, we are using a *plain text* password authentication
system. Passwords are encrypted in the database, but if someone
intercepts the login packets when an admin is logging in, they have
the password. Hacking our system is pretty trivial at the moment.
Additionally, there are always viruses and trojans that include
keyloggers, which someone could use to gain the password. But, once
you get an admin with a keylogger, all security for his account is
completely gone, even with an encrypted login form.
And, in the cases of a rogue or hacked admin, it really doesn't take
that much effort to get a steward, or in the absence of one, a
developer, to desysop them. If their account was hacked, when they
return they can explain the situation, fix any keyloggers, etc, change
their password, and get the adminship back. If they had a password
stealing trojan, they should be taught a crash course on avoiding
viruses. I can help with the latter if it's ever needed and they speak
english, I'm a virus helper on an IRC network. If they cannot keep
their account from being compromised more then once or twice, then
de-adminship should be considered, as they are a security risk.
I really think that on the EN wiki, de-adminship should be *much*
easier. If there was a process to easily get rid of admins that are
harming the system, then people wouldn't make adminship such a big
deal. We really need more admins, and nobody is helping by making
rediculous oppose votes, like "Has less then 999999999999 edits". Of
course, even with such a process in place, we would still have very
few admins removed....unless there was a sudden influx of bad admins.