I see a lot of differences:
The current process needs to be done by hand, which isn't just
annoying, but also not fail-safe: some accounts might be overlooked,
etc. Bureaucrats can misclick or forget. The email account is likely
much safer than the Wikimedia account; Google, for example, offers a
lot of security measures we don't, because they don't follow the "hacking
a user wouldn't do much damage" philosophy. And I guess many other
providers do the same. Hacking into two accounts would be much harder
than hacking one, given that once the first account is hacked, the
user would be immediately notified by email (the hacker would have very
limited time to hack into the email box as well).
I don't say it's necessary, I definitely understand that getting a
sysop can't cause big problems and it's unlikely it would happen
frequently. But I think this automated system is a better solution
than what the wikis started with.
On Wed, Apr 4, 2012 at 11:31 AM, Thomas Morton
On 4 April 2012 10:28, Petr Bena
But if I didn't think it's weird, I wouldn't start this. I am always
trying to find a solution from a programmer's point of view for problems
which the community sometimes tries to solve "by hand".
From a security perspective (my speciality) there really isn't a lot of
difference between the two proposals in terms of the problems they face.
Except that the current process requires a certain "human" involvement, and
scrutiny. Which is usually the best security mechanism.
A determined attacker is going to be able to break through either process;
but in the current setup their subsequent actions are likely to be noticed.
Wikitech-l mailing list