[MediaWiki-l] Question about disclosing Special:Undelete for regular users

Jakub Klinkovsk√Ĺ j.l.k at gmx.com
Mon Aug 18 09:03:55 UTC 2014


We are reconsidering our strategy for archiving outdated pages on ArchWiki [1],
see [2] for the full discussion if interested. Currently, we don't do any
archiving, we simply delete obsolete pages (after being flagged with
'Template:Out of date' or 'Template:Deletion' for some time of course).

I would like to ask a question regarding one of the suggestions, which is to
make Special:Undelete [3] available for everybody (by assigning
'deletedhistory', 'deletedtext' and 'browsearchive' rights to all groups). This
is the most simple, but also most controversial way to solve our problem. The
main question is regarding security, because obviously this feature is intended
for administrators only.

The only bad implication we could think of is if somebody creates a defamatory
page and we delete it, we wouldn't be able to prevent anyone from linking to
the deleted revision(s) and thus exposing the wiki to possible legal
consequences. However, the same attack could be carried out on an already
existing useful article, and the same fix could be used in both cases, i.e.
using the RevisionDelete [4] feature. 

We would also appreciate any other comments on why this is a good/bad idea,
suggestions of another archiving solution etc.

Regards,
Lahwaacz (ArchWiki admin)

[1]: https://wiki.archlinux.org/index.php/Main_page
[2]: https://wiki.archlinux.org/index.php/ArchWiki:Requests#Should_we_remove_or_archive_obsolete_articles.3F
[3]: http://www.mediawiki.org/wiki/Help:Undelete
[4]: http://www.mediawiki.org/wiki/Help:RevisionDelete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.wikimedia.org/pipermail/mediawiki-l/attachments/20140818/f33ba553/attachment.pgp>


More information about the MediaWiki-l mailing list