Στις 13-04-2012, ημέρα Παρ, και ώρα 12:49 +1000, ο/η Andrew Garrett
έγραψε:
On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena
<benapetr(a)gmail.com> wrote:
An
account with sysop rights cannot do that much damage anyway.
Deleting a page does no more damage than deleting a paragraph in an
existent page, and the latter can be done by anybody; in fact,
deleting a page makes a lot more noise. The same goes for protection,
blocking and editing in the MediaWiki space - everything is easily
traceable and reversible, and in a functioning wiki community the
damage will be minimal.
That isn't excuse to leave project open to damage. Security of
mediawiki users and their accounts should be important for us anyway.
Actually, this is the most important thing to think about.
There is no such thing as perfect security. You just need to make it more
costly to breach security than the benefit that a hacker would get for it.
Conversely, you need to expend no more effort in security than the cost of
a breach in security.
Now, there are things that sysops can do that aren't so easily reversible.
You could surreptitiously add site JS that captured tokens from checkusers
and released large amounts of sensitive data, so it's not exactly without
merit. But I don't think it's justifiable to dismiss discussion about
whether extra security is "worth it".
If I wanted to cause harm to an editing community, one of the better
ways might be to take over a few inactive sysop accounts and slowly
start to push for policies and take actions that are divisive. The
resulting damage to community trust would be hard indeed to undo; think
back to the various infiltration programs of law enforcement into
activist groups in the 1960's and 1970's in the U.S. for a prime example
of this.
I don't think this justifies automated de-sysopping of inactive accounts
(because this also sends a message about trust or value to the account
owner), but a notification system of some sort, as has been proposed
earlier in this thread, might be nice.
Ariel