Regarding "Mandatory code review (especially with a required waiting time) and
mandatory reauthentication are far more invasive than removing JS editing permissions from
administrators who don't want them.": I think that mandatory code review and
mandatory authentication would be far less costly and far faster to implement in terms of
volunteer time spent redesigning social processes and managing permissions. These options
both sound good to me.

In the longer term, I am thinking about how to implement a new permission as you suggest.
The more that I think about it, the more that I believe that it could be done with less
time cost to volunteers than I originally was dreading. For example, the new permission
could be locally assignable by stewards upon community request, similar to bureaucrat
permissions. A month-long RFC with adequate translations would likely be sufficient to
surface most major unintended side effects and to surface suggestions for design
modifications.

Regarding "I feel most people don't appreciate how *extremely* scary the current
situation is. The public backlash around the Seigenthaler affair was sparked by Wikipedia
carelessly causing harm to a single individual. It would be child's play compared to
what would happen if a few ten thousand people had their bank accounts cleaned, or a few
dozen opposition members arrested by the secret police, or something like that, because
Wikipedians decided security improvements were not worth the effort of moving users from
one group to another.": unless I have overlooked something, there seems to be
consensus in this thread that changes are worth considering, and people are discussing
which changes to make and in what order. People are trying to be helpful, and please keep
that in mind.
Pine
(https://meta.wikimedia.org/wiki/User:Pine)