On Wed, Apr 4, 2012 at 10:15 AM, John Vandenberg <jayvdb(a)gmail.com> wrote:
What happens if the ex-sysop has lost access to their
original email
address .. ?
If the sysop lost their email, they are in same troubles as if any
other user lost their email and forgot password. It simply shouldn't
happen.
On Wed, Apr 4, 2012 at 10:16 AM, Amir E. Aharoni
<amir.aharoni(a)mail.huji.ac.il> wrote:
2012/4/4 Petr Bena <benapetr(a)gmail.com>om>:
I have seen there is a lot of wikis where people
are concerned about
inactive sysops. They managed to set up a strange rule where sysop
rights are removed from inactive users to improve the security.
However the sysops are allowed to request the flag to be restored
anytime. This doesn't improve security even a bit as long as hacker
who would get to some of inactive accounts could just post a request
and get the sysop rights just as if they hacked to active user.
There's no point in making technical solutions for problems which are
imaginary in the first place, just as you say. The English Wikipedia
community rejects the notion that sysop inactivity is a problem quite
firmly, and it does just fine. Meta, Commons, my home Hebrew Wikipedia
and some other projects do have such rules, and they are completely
pointless.
An account with sysop rights cannot do that much damage anyway.
Deleting a page does no more damage than deleting a paragraph in an
existent page, and the latter can be done by anybody; in fact,
deleting a page makes a lot more noise. The same goes for protection,
blocking and editing in the MediaWiki space - everything is easily
traceable and reversible, and in a functioning wiki community the
damage will be minimal.
That isn't excuse to leave project open to damage. Security of
mediawiki users and their accounts should be important for us anyway.