"Magnus Manske" <magnusmanske(a)googlemail.com> wrote
On 12/19/06, Mark Clements
> The current system works fine, as far as I am
concerned. The import is
> one-way process, and doesn't touch the
material on the source wiki.
> as it should be, as there will be situations
where you are trying to
> not move the material. Currently you do the
import and, if the content
> being moved, login to the remote wiki and either
delete the page or add
There should definitely _not_ be a mechanism for remotely
deleting wiki content from a remote wiki!
Why not? If I'm an admin on that remote wiki, it might be handy when
moving images to Commons. At the moment of writing this mail, there
are 657,331 media files on en.wikipedia. If 1/3 of them (rough guess)
are suitable for Commons, that means >200,000 manual deletions when
moving. If an api would allow image deletions by admins, it would save
a lot of unneccessary work, without compromising safety (the images
are kept, and the api could also offer undelete).
Because you are changing the trust model. PersonA is an admin on WikiA and
has been trusted enough to delete articles and to perform a transwiki
import. WikiB has not made PersonA an admin - they (implicitly) do not
trust PersonA to delete articles. However, PersonA is allowed to delete
articles by using the transwiki import + delete.
Admins at WikiA have full delete rights at WikiB, even if they are
non-admins and explicitly blocked at WikiB!
I understand that you qualified your statement with "If I'm an admin on that
remote wiki...", but I don't see how that can be done without explicitly
requiring a username/password each time a user wants to delete (plus, you
are then giving your remote details to the local wiki sysadmin - an
unscrupulous sysadmin or maybe even a badly behaved extension would be able
to access these).
- Mark Clements (HappyDog)