I see a lot of differences:
The current process needs to be done by hand, which isn't just annoying but also not fail-safe: some accounts might be overlooked, etc. Bureaucrats can misclick or forget. The email account is likely much safer than a Wikimedia account; Google, for example, offers a lot of security measures we don't, because they don't follow the "hacking a user wouldn't do much damage" philosophy. And I guess many other providers do the same. Hacking into two accounts would be much harder than hacking one, given that once the first account is hacked, the user would be immediately notified by email (the hacker would have very limited time to hack into the email box as well).
I don't say it's necessary; I definitely understand that getting a sysop can't cause big problems and it's unlikely it would happen frequently. But I think this automated system is a better solution than what the wikis started with.
On Wed, Apr 4, 2012 at 11:31 AM, Thomas Morton morton.thomas@googlemail.com wrote:
On 4 April 2012 10:28, Petr Bena benapetr@gmail.com wrote:
Indeed :-)
But if I didn't think it's weird, I wouldn't start this. I am always trying to find a solution from a programmer's point of view for problems which the community sometimes tries to solve "by hand".
From a security perspective (my speciality) there really isn't a lot of a difference between the two proposals in terms of the problems they face.
Except that the current process requires a certain "human" involvement, and scrutiny. Which is usually the best security mechanism.
A determined attacker is going to be able to break through either process; but in the current setup their subsequent actions are likely to be noticed.
Tom