On Sep 18, 2005, at 12:20 PM, Tim Starling wrote:
Stirling Newberry wrote:
You didn't check carefully - the edit history
shows that the
image was
last updated in March, when, in fact, the pornographic image has
only
been in place for a few hours. Or do you think that it would have
been
left on my user page for months with no one commenting on it?
No, the image description page was last updated in March, the image
itself has been changed three times in the last day. Uploading a new
version of an old image does not cause an entry to be placed in the
history of the image description page. And as Stephen Forrest pointed
out, the upload was performed by an imposter with a homographic
name. No
secret sysadmin powers required.
-- Tim Starling
Then that is a huge user interface and security hole - because
someone looking at the history of the image would think that the
original uploader uploaded the image. In an organization that relies
on users being able to track and document problems this is gap in
that ability.