On Wed, Apr 4, 2012 at 10:15 AM, John Vandenberg jayvdb@gmail.com wrote:
What happens if the ex-sysop has lost access to their original email address .. ?
If the sysop lost their email, they are in same troubles as if any other user lost their email and forgot password. It simply shouldn't happen.
On Wed, Apr 4, 2012 at 10:16 AM, Amir E. Aharoni amir.aharoni@mail.huji.ac.il wrote:
2012/4/4 Petr Bena benapetr@gmail.com:
I have seen there is a lot of wikis where people are concerned about inactive sysops. They managed to set up a strange rule where sysop rights are removed from inactive users to improve the security. However the sysops are allowed to request the flag to be restored anytime. This doesn't improve security even a bit as long as hacker who would get to some of inactive accounts could just post a request and get the sysop rights just as if they hacked to active user.
There's no point in making technical solutions for problems which are imaginary in the first place, just as you say. The English Wikipedia community rejects the notion that sysop inactivity is a problem quite firmly, and it does just fine. Meta, Commons, my home Hebrew Wikipedia and some other projects do have such rules, and they are completely pointless.
An account with sysop rights cannot do that much damage anyway. Deleting a page does no more damage than deleting a paragraph in an existent page, and the latter can be done by anybody; in fact, deleting a page makes a lot more noise. The same goes for protection, blocking and editing in the MediaWiki space - everything is easily traceable and reversible, and in a functioning wiki community the damage will be minimal.
That isn't excuse to leave project open to damage. Security of mediawiki users and their accounts should be important for us anyway.