Chris Steipp wrote:
Thanks for this. I think it's a good start. I think it's reasonable to say
that you've established that there are threats. In my opinion, now it's a
matter of demonstrating that any counter-measures proposed will directly
mitigate those threats. And it's also a matter of demonstrating that the
threats are substantial (dangerous) enough to warrant a response. There
are nearly a limitless number of threats in life, so figuring out how
much energy to invest in securing free and unprivileged accounts versus
administrator or steward accounts is important.

Just to give a better understanding, for the English Wikipedia as of about
Wed Feb 12 03:44:04 UTC 2014:

MariaDB [enwiki_p]> select user_editcount, count(user_id) from user group by user_editcount order by user_editcount asc limit 11;
+----------------+----------------+
| user_editcount | count(user_id) |
+----------------+----------------+
|              0 |       13814964 |
|              1 |        2406240 |
|              2 |        1151354 |
|              3 |         664263 |
|              4 |         436915 |
|              5 |         309483 |
|              6 |         231616 |
|              7 |         178952 |
|              8 |         143525 |
|              9 |         116164 |
|             10 |          96053 |
+----------------+----------------+
11 rows in set (38.93 sec)

Pastebin:
http://p.defau.lt/?4QMxue_aRSm1eK9CEK_wDw

There are approximately 20,740,377 user accounts total, so roughly 66.61%
of accounts have zero edits and roughly 94.26% of accounts have ten or
fewer edits on the English Wikipedia. A few thousand of these users are
likely involved in substantial work on other wikis, but that's probably a
nearly insignificant percentage. The convenience versus security trade-off
is still a serious consideration, in my opinion.

MZMcBride