Yesterday I came across this feature request, which I promptly mis-understood:
https://bugzilla.wikimedia.org/30018 Option to make access to specific user rights or user groups dependent on having a verified email address
The requester clarified the request today:
There's relatively little benefit to making people provide a verified email address at one point time. On long-lasting wikis, verification might have been 5-10 years ago. The aim of this bug is to make user rights dependent on a verified email address *on an ongoing basis*.
So for example if the user removes the email address, or replaces it with another but doesn't verify it, the user rights associated with their user group are automatically suspended, until a verified email address is provided, when they're automatically re-enabled.
This would be more useful if there are situations where the "verified" status of an existing email address can be automatically revoked (eg if emails to the user bounce); I'm not sure if that's the case but if it isn't that's a separate issue.
I'm fascinated by the idea and can see arguments both ways. I thought I'd bring it up here to see if anyone could help me think through it.
Thanks,
Mark.
----- Original Message -----
From: "Mark A. Hershberger" mhershberger@wikimedia.org
So for example if the user removes the email address, or replaces it with another but doesn't verify it, the user rights associated with their user group are automatically suspended, until a verified email address is provided, when they're automatically re-enabled.
This would be more useful if there are situations where the "verified" status of an existing email address can be automatically revoked (eg if emails to the user bounce); I'm not sure if that's the case but if it isn't that's a separate issue.
I'm fascinated by the idea and can see arguments both ways. I thought I'd bring it up here to see if anyone could help me think through it.
I think that what semantics are best for tying email validation to user rights depends a heckuva lot on what you're using Mediawiki for, myself.
The major specific item has to do with scope of accessibility and administrative span of control; if those match fairly closely, it's probably not a big deal. For Wikipedia, on the other hand...
Cheers, -- jra
The requester clarified the request today: So for example if the user removes the email address, or replaces it with another but doesn't verify it, the user rights associated with their user group are automatically suspended, until a verified email address is provided, when they're automatically re-enabled.
I think this is already the case. If it's not, it's a bug. "Sysops only have sysop powers if autoconfirmed" would be a bit hard to configure but I think is also already possible.
This would be more useful if there are situations where the "verified" status of an existing email address can be automatically revoked (eg if emails to the user bounce); I'm not sure if that's the case but if it isn't that's a separate issue.I'm fascinated by the idea and can see arguments both ways. I thought I'd bring it up here to see if anyone could help me think through it.
MediaWiki is installed on web servers. Giving a bounce email address to the wiki is out of scope. However, I would welcome a HOWTO on mediawiki.org about how to configure the email server to set aliases that would launch php maintenance/changeUser.php --you-are-no-longer-autoconfirmed (which we would add, but would be a couple of lines anyway)
2011/7/26 Platonides Platonides@gmail.com
The requester clarified the request today: So for example if the user removes the email address, or replaces it with another but doesn't verify it, the user rights associated with their user group are automatically suspended, until a verified email address is provided, when they're automatically re-enabled.
I think this is already the case. If it's not, it's a bug. "Sysops only have sysop powers if autoconfirmed" would be a bit hard to configure but I think is also already possible.
That would not necessarily be a good idea. Enwiki has some adminbots that
only perform deletions/protections/whatever and don't make any edits. They'd never get autoconfirmed, unless the bot owner would do some otherwise useless edits with them.
Jelle
This would be more useful if there are situations where the "verified" status of an existing email address can be automatically revoked (eg if emails to the user bounce); I'm not sure if that's the case but if it isn't that's a separate issue.I'm fascinated by the idea and can see arguments both ways. I thought I'd bring it up here to see if anyone could help me think through it.
MediaWiki is installed on web servers. Giving a bounce email address to the wiki is out of scope. However, I would welcome a HOWTO on mediawiki.org about how to configure the email server to set aliases that would launch php maintenance/changeUser.php --you-are-no-longer-autoconfirmed (which we would add, but would be a couple of lines anyway)
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Wed, Jul 27, 2011 at 11:48 AM, Jelle Zijlstra jelle.zijlstra@gmail.com wrote:
That would not necessarily be a good idea. Enwiki has some adminbots that only perform deletions/protections/whatever and don't make any edits. They'd never get autoconfirmed, unless the bot owner would do some otherwise useless edits with them.
Jelle
We have a "confirmed" usergroup for that already that basically gives the same rights...
As for email account's we don't really use them much for anything unless the person wants to get emails from other users or reset their passwords so it wouldn't really matter that much,
Jelle Zijlstra wrote:
2011/7/26 Platonides
The requester clarified the request today: So for example if the user removes the email address, or replaces it with another but doesn't verify it, the user rights associated with their user group are automatically suspended, until a verified email address is provided, when they're automatically re-enabled.
I think this is already the case. If it's not, it's a bug. "Sysops only have sysop powers if autoconfirmed" would be a bit hard to configure but I think is also already possible.
That would not necessarily be a good idea. Enwiki has some adminbots that
only perform deletions/protections/whatever and don't make any edits. They'd never get autoconfirmed, unless the bot owner would do some otherwise useless edits with them.
Jelle
Sorry. I was not clear here. The "this is already the case" refered to losing the email confirmed status when you change your email address.
Attaching sysop powers to that status would require arcane configuration using $wgAutopromote.
Also, email confirmation is different than autoconfirmed status, the later was used meaning the former.
wikitech-l@lists.wikimedia.org