Wikipedia talk:Arbitration Committee/Noticeboard
|
1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
This page has archives. Sections older than 4 days may be automatically archived by Lowercase sigmabot III. |
Audit Subcommittee appointments (2011)
- Just curious: what new user groups will Bahamut0013 be added to for his time on the AUSC? If
administrator
is one of those, will it too be removed after his term expires? NW (Talk) 16:06, 31 March 2011 (UTC)- Pending his identification to the Wikimedia Foundation, Bahamut0013 will be granted the checkuser and oversight privileges for the duration of his term. He is, of course, free to seek administrator privileges of his own accord. –xenotalk 16:10, 31 March 2011 (UTC)
- Is
oversight
enough by itself to review the actions of oversighters? Are there any special permissions inadministrator
(such asview-deleted
, I think it's called) that are necessary? NW (Talk) 16:15, 31 March 2011 (UTC)- While I don't think that it is absolutely necessary (as suppressrevision allows one to Review and restore revisions hidden from administrators), deletedhistory and deletedtext (and perhaps browsearchive) are probably a practical necessity for the role, and we are still finalizing how to handle this. One option under consideration is adding the requisite userrights to the CheckUser (such as at the French Wikipedia) or Oversight privileges. –xenotalk 16:23, 31 March 2011 (UTC)
- Is
- Pending his identification to the Wikimedia Foundation, Bahamut0013 will be granted the checkuser and oversight privileges for the duration of his term. He is, of course, free to seek administrator privileges of his own accord. –xenotalk 16:10, 31 March 2011 (UTC)
- Well these are four very sensible appointments. I'm happy to concede it to these guys and I'm sure they'll do an excellent job. HJ Mitchell | Penny for your thoughts? 16:59, 31 March 2011 (UTC)
- Congratulations to the appointees, who I'm sure will do a great job. Ucucha 17:16, 31 March 2011 (UTC)
- Thank you, both, for stepping forward to volunteer! –xenotalk 17:31, 31 March 2011 (UTC)
- Is it just me, or is Bahamut0013 the first non-admin with CU and OS access? --Dylan620 (t • c) 00:24, 2 April 2011 (UTC)
- I'm pretty sure he's the first on the English Wikipedia, but it's SOP on some other wikis. In fact, I think there's even a couple where you can't hold both at the same time. — Coren (talk) 02:18, 2 April 2011 (UTC)
- There are no wikis which prohibit CU/OS from being administrators. However, it is not mandatory for checkusers to be an administrator n Dutch[1] and French[2] Wikipedia.
There are wikis that have enacted separation of powers (SOP) provisions, requiring that CU/OS can not be arbcom members and/or 'crats. For example, German Wikipedia requires that each person can only perform one role above sysops. (see this image and this decision) And on Dutch Wikipedia they have an 'arbcom' group, and many of their arbcom members are not administrators.[3] John Vandenberg (chat) 03:19, 2 April 2011 (UTC)- When Coren said SOP, I think he meant standard operating practice, but I'm not sure. AGK [•] 14:09, 2 April 2011 (UTC)
- Aye. However 'separation of powers' would have made more sense. John Vandenberg (chat) 07:10, 3 April 2011 (UTC)
- When Coren said SOP, I think he meant standard operating practice, but I'm not sure. AGK [•] 14:09, 2 April 2011 (UTC)
- There are no wikis which prohibit CU/OS from being administrators. However, it is not mandatory for checkusers to be an administrator n Dutch[1] and French[2] Wikipedia.
- I'm pretty sure he's the first on the English Wikipedia, but it's SOP on some other wikis. In fact, I think there's even a couple where you can't hold both at the same time. — Coren (talk) 02:18, 2 April 2011 (UTC)
- I'd like to thank all candidates and arbs involved for volunteering to preserve this obscure but important institution, and to commend the committee for not being afraid to appoint a non-administrator. Best of luck in the term ahead, Skomorokh 11:34, 6 April 2011 (UTC)
Internal teams
- At first I thought that this was useless waffle, but it's actually a neat idea. Smaller groups have more focus and less stagnation. AGK [•] 14:12, 8 April 2011 (UTC)
Criteria for appointment to the Audit Subcommittee
For the avoidance of any doubt, criterion #1 was not a factor in the appointments last month; that is, none of the candidates had any concerns regarding privacy or breaches of trust raised regarding them. Kirill [talk] [prof] 00:17, 6 April 2011 (UTC)
- Could you clarify what is meant in the announcement by "votes cast"? Given that the last AUSC selections were made by ArbCom appointment rather than straight elections, does "votes cast" refer to internal committee voting, volume of pro-con email from the community, community comments, or does this signal an intent to return to straight elections for future selections? Grazi, Skomorokh 11:38, 6 April 2011 (UTC)
- It refers to an internal vote by the arbitrators. Kirill [talk] [prof] 11:39, 6 April 2011 (UTC)
- Thank you. Skomorokh 11:42, 6 April 2011 (UTC)
- I've made this clear at the announcement, for posterity. –xenotalk 13:09, 6 April 2011 (UTC)
Changes requested to the checkuser and oversight permissions
Filed bugzilla:28440. –xenotalk 14:24, 6 April 2011 (UTC)
- What is the purpose of giving CU/OS to non-admins? Is it just for AUSC, or is there some other situation where you'd want it? 75.57.242.120 (talk) 22:42, 6 April 2011 (UTC)
- In Arbitration Committee elections in recent years, there have been viable candidacies of non-administrators; current Arbcom members may also wish to resign as administrators but still have need of the CU/OS tools whilst continuing their role on the Committee. We can also learn from some of our cohort projects; several of them have non-administrators in these roles, and it is possible that a suitable non-administrator candidate may come forward on this project as well. Finally, there is the philosophy that a userright should be a complete package and should not be dependent on other userrights to function properly. Risker (talk) 22:52, 6 April 2011 (UTC)
- That sounds, WADR, like a patently bad idea. If someone is a qualified checkuser candidate, they should submit themselves for adminship. If the community doesn't trust them with the admin tools, they certainly wouldn't trust them with checkuser/oversight. As for former arbiters who wish to resign as administrators, but still be checkusers and oversighters? That falls into the category of "doc it hurts when I do this" ("don't do that"). It would be analogous to the President wanting to resign as President, but retain the nuclear football. This is a truly terrible idea and it smells like wanting to be able to "back door" somebody into adminship. --B (talk) 12:10, 7 April 2011 (UTC)
- I'm afraid I agree with B. I don't wish to slight the one non-admin, but if you're trustworthy enough to be a functionary, you're trustworthy enough to pass an RfA. Even with the ability to view deleted content, there are a a host of other things that a functionary without an admin bit can't do. For example, a checkuser couldn't block based on their findings, they'd have to go to RfPP to request an article being targeted by socks be protected. What's the benefit of having a non-admin functionary other than proving that it's theoretically possible? HJ Mitchell | Penny for your thoughts? 12:54, 7 April 2011 (UTC)
- Keep in mind that not everyone actually wants to be an administrator. It sounds to me like you both think that being an administrator should be a social requirement for appointment as a functionary - and you should feel free to initiate a community discussion to see if there is consensus for that position. –xenotalk 13:32, 7 April 2011 (UTC)
- That's possibly the most over-the-top analogy I've seen in a long time, B. "Nuclear football"? I'd suggest it's more akin to a cow-patty detection system. Checkuser results and suppressed/oversighted edits are involved in at least 30% of arbitration cases, and arbitrators need to be able to discuss them and review those edits/actions for themselves. The community has been clear that it will seriously consider good candidates, whether administrator or non-administrator, for the Arbitration Committee; there is no requirement that arbitrators be administrators, never has been, and the community has discussed it in the past and chosen not to add that restriction. Being an arbitrator has little to do with blocking people or deleting pages. HJ Mitchell, many checkusers leave the blocking to independent reviewers, particularly when doing SPIs. I note that neither of you have bothered to address the point that permissions should stand alone and not be dependent on other permissions, which is pretty standard in most systems. And, having watched RFA for a long time, I'm not terribly persuaded that it has much to do with trust at all, but that's my personal opinion. Risker (talk) 13:06, 7 April 2011 (UTC)
- I'm afraid I agree with B. I don't wish to slight the one non-admin, but if you're trustworthy enough to be a functionary, you're trustworthy enough to pass an RfA. Even with the ability to view deleted content, there are a a host of other things that a functionary without an admin bit can't do. For example, a checkuser couldn't block based on their findings, they'd have to go to RfPP to request an article being targeted by socks be protected. What's the benefit of having a non-admin functionary other than proving that it's theoretically possible? HJ Mitchell | Penny for your thoughts? 12:54, 7 April 2011 (UTC)
- That sounds, WADR, like a patently bad idea. If someone is a qualified checkuser candidate, they should submit themselves for adminship. If the community doesn't trust them with the admin tools, they certainly wouldn't trust them with checkuser/oversight. As for former arbiters who wish to resign as administrators, but still be checkusers and oversighters? That falls into the category of "doc it hurts when I do this" ("don't do that"). It would be analogous to the President wanting to resign as President, but retain the nuclear football. This is a truly terrible idea and it smells like wanting to be able to "back door" somebody into adminship. --B (talk) 12:10, 7 April 2011 (UTC)
- In Arbitration Committee elections in recent years, there have been viable candidacies of non-administrators; current Arbcom members may also wish to resign as administrators but still have need of the CU/OS tools whilst continuing their role on the Committee. We can also learn from some of our cohort projects; several of them have non-administrators in these roles, and it is possible that a suitable non-administrator candidate may come forward on this project as well. Finally, there is the philosophy that a userright should be a complete package and should not be dependent on other userrights to function properly. Risker (talk) 22:52, 6 April 2011 (UTC)
- What is the purpose of giving CU/OS to non-admins? Is it just for AUSC, or is there some other situation where you'd want it? 75.57.242.120 (talk) 22:42, 6 April 2011 (UTC)
- (edit conflict), talking to HJ. However, the converse is that we've proven there are true limitations to the current rights set that makes simply doing what CU/OS's are appointed to do quite difficult. For example, a suppressed edit that is to a deleted page is invisible to someone with the OS flag that is not an admin. I wonder if the same would be true while in the Checkuser interface- would CU refuse to display an edit that the operator didn't have the permission to view? I tend to agree that anyone with sufficient confidence to gain a CU/OS bit or be elected to ArbCom should be able to pass an RFA, but should they be forced to? These changes in the rights set have proven necessary just to make the tools work as they should. The other option is a blanket prohibition against any non-admin gaining CU/OS flags, which is a very divisive move- RFA is not a gate by which editors become somehow "worthy" to hold advanced flags- there are tons of fully trustworthy editors around this place who have no need or desire for the admin tool set. The other option is to sysop by fiat anyone who gets a CU/OS flag by ArbCom decision. And well, that would cause a riot from some sectors. (ArbCom elections could always be treated as a de facto RFA). This isn't the ideal solution, but it is necessary unless consensus changes to demand adminship as a prerequisite to gaining a CU/OS flag for any purpose. Courcelles 13:09, 7 April 2011 (UTC)
- I can't imagine a situation in which an Arb would want to resign adminship but retain CU and stay on the Committee. Giving up adminship would serve no purpose in those circumstances; anyone wanting not to use the tools could simply stop doing so. SlimVirgin TALK|CONTRIBS 01:26, 9 April 2011 (UTC)
- I think all ArbCom members should drop their sysop buttons. Simply not using them doesn't remove the ability to implicitly threaten to use them. John Vandenberg (chat) 07:32, 9 April 2011 (UTC)
- Personally I'd like to see a situation where Arbs give up adminship, CU, OR, and any other positions they hold while on ArbCom—because it would mean people would stand only because they wanted to engage in dispute resolution, and wouldn't be able to wear multiple hats while doing it. I'd also like to see CU/OS removed if not used regularly. So if this were happening as part of a general reform I might feel differently about it, but even so there would have to be an election at some point: either an RfA, or a CU election, or an ArbCom election. It's not a good idea for ArbCom just to pluck editors out and give them higher permissions they've demonstrated no need for. SlimVirgin TALK|CONTRIBS 22:35, 9 April 2011 (UTC)
- What we did was RFC the appointment method, conduct an arbitrator vote on the appointment process, call for AUSC candidates, privately vet the applicants, publicly RFC the applicants allowing public and private comments, hold an arbitrator vote on each candidate and select the top three according to the appointment process. It's not an election, but it is a long way from a plucking process ;-)
- The result is that Bahamut0013 is now a WP:AUSC member, and now has need for these three permissions in order to fulfill their duties.
- That the RfA is passing comfortably (touch wood) is evidence that the process we used didn't produce a result that the community objects to. The RfA also means that the configuration change will not be needed in this instance.
- This configuration change isn't 'reform', but it does remove the technical restriction that currently ensures Arbs, CU and OS can't give up sysop tools.
- The "real" reform would be to create an
audit
and/orarbcom
group which gives members the read-only permissions (browsearchive
,deletedhistory
,deletedtext
,checkuser-log
,suppressionlog
,abusefilter-log-detail
,abusefilter-hide-log
, andoversight
). Then members can see what needs to be seen, and they can shed any of thesysop
,oversight
andcheckuser
groups which they dont use regularly, or don't want to use regularly. John Vandenberg (chat) 04:01, 10 April 2011 (UTC)
- Personally I'd like to see a situation where Arbs give up adminship, CU, OR, and any other positions they hold while on ArbCom—because it would mean people would stand only because they wanted to engage in dispute resolution, and wouldn't be able to wear multiple hats while doing it. I'd also like to see CU/OS removed if not used regularly. So if this were happening as part of a general reform I might feel differently about it, but even so there would have to be an election at some point: either an RfA, or a CU election, or an ArbCom election. It's not a good idea for ArbCom just to pluck editors out and give them higher permissions they've demonstrated no need for. SlimVirgin TALK|CONTRIBS 22:35, 9 April 2011 (UTC)
- I'm as suspicious of authority as the next guy (well, as suspicious as an admin can be, I suppose), and some ArbCom members/decisions annoy me too sometimes, but I don't understand the apparent necessity in always attributing evil motives to every single action ArbCom takes. How do you reconcile "WADR" and "smells like wanting to be able to 'back door' somebody into adminship"? With all due respect, that seems kind of passive aggressive (see? I can do it too! You can't get mad, I said "with all due respect"!) --Floquenbeam (talk) 13:12, 7 April 2011 (UTC)
- Furthermore, we are only granting the ability to view deleted entries - administrators can do a lot more than that, so I don't see how this is a backdoor at all. Being an administrator is not a social requirement for appointment to checkuser, oversight, the Arbitration Committee, or the Audit Subcommittee, so why should it be a technical requirement? –xenotalk 13:20, 7 April 2011 (UTC)
- If it's not a de facto requirement (at least for the community, but not for appointments by ArbCom), then why has no non-admin ever been elected as a functionary or an arb? HJ Mitchell | Penny for your thoughts? 13:38, 7 April 2011 (UTC)
- How many times have non-admins stood for those positions? In the last ArbCom elections, there were only two candidates that were not either admins or could have gotten their mop back by a simple request on BN. Perhaps the kind of people that would have an interest in being a functionary highly overlap with those who would enjoy being an administrator? Or perhaps the fact that it had never been done before was discouraging non-admins from even standing for such roles. There's a correlation here, but I'd be very hesitant about implying any causality here. Courcelles 13:47, 7 April 2011 (UTC)
- There have been many viable non-admin candidates over the years, but none have ever been elected. HJ Mitchell | Penny for your thoughts? 13:57, 7 April 2011 (UTC)
- This year is the first time a non-admin was presented as a candidate for the Audit Subcommittee, and there were almost no objections or concerns raised related to his not holding administrative privileges. –xenotalk 14:19, 7 April 2011 (UTC)
- While I personally support the move, I am compelled to point out that changing permissions affected to a usergroup should be a community decision. The ArbCom has been delegated the authority to oversee the use of CU and OS permissions, this does not extend to changing those permissions. I would especially not want this to set a precedent. There is no harm in asking the community for feedback at WP:VPR or another appropriate venue. If you expose it well, I'm sure it'll gain consensus pretty easily. Cenarium (talk) 16:43, 7 April 2011 (UTC)
- That's a red herring. The actual background has been that CU/OS have required permissions associated with the administrator role to do their jobs right. Let's look at it this way: ArbCom can appoint advanced permission holders, but doesn't currently appoint administrators. If the choice is between ArbCom appointing administrators without going through RfA, or changing the permissions such that a non-administrator CU or OS can still do the CU or OS job effectively, which gives the community a more appropriate say? From a controls and auditing perspective, it's best practice for each role to hold every necessary privilege. Jclemens (talk) 16:50, 7 April 2011 (UTC)
- Another way of looking at it: Wikipedia:User access levels shows that we have two types of roles:
- Standalone roles contain everything needed to accomplish a task. Reviewer, Researcher, ipblock-exempt, rollback... all of these roles have everything needed to do that finite, specific task.
- Cumulative roles are essentially three: bureaucrat, checkuser, and oversight. Each of these relies upon privileges present in the administrator role. While that may have been a good idea for a small project, as things grow, enabling security access role granularity is just part of the growing up process: we're a long way from every administrator having 'root' access.
- There's two questions, really: 1) Is it consistent with information security best practices to convert the cumulative roles into standalone roles? That answer is obviously yes. 2) Is it the community's wish that non-administrators be excluded from election to the bureaucrat or appointed to CU and OS roles and that holders of these three roles must retain their administrator bit? That question is absolutely appropriate for community input, and the community has already failed to oppose a non-administrator being appointed to the audit subcommittee, an oversight role that requires both CU and OS. Jclemens (talk) 17:01, 7 April 2011 (UTC)
- Still, you should consult the community. You do not have power to grant rights over than CU and OS, and you do not have power to change permissions affected to a usergroup. If for some reason you think doing so would be good, then you need to consult the community. The recent appointment which you mentions doesn't justify that you step outside of your authority. Cenarium (talk) 17:21, 7 April 2011 (UTC)
- The community's input isn't needed for #1: we don't hold RfC's on how to configure our networks or how much storage space to buy, do we? Why not? Because those are technical implementation details, just like this is. As far as #2 goes, the community's input was sought, and a non-administrator candidate has been approved by Arbcom after community input. The entire reason this change is being required is because the community endorsed a non-admin CU/OS. Given that this has gone from theoretical (e.g., Giano's recent ArbCom candidacy) to the actual, it's up to ArbCom to implement some way for our newly elected community audit committee represenative to do his job (which, ironically, is checking up on us). The reason the change is appropriate is because it takes away nothing from the community's decision making process: a CU/OS without administrator privs will be able to see things that a CU/OS needs to see, but not block/unblock, delete/restore, protect/unprotect, grant/revoke permissions, and the rest of things that go along with the administrator role. Jclemens (talk) 17:49, 7 April 2011 (UTC)
- Is this what you are talking about for the "community endorsed ... non-admin CU/OS"? An obscure page with three comments in support of this user is hardly a ringing endorsement of changing what has always been the de facto policy. And I think you well know that modifying user rights is somewhat different than deciding how much hard drive space to buy. --B (talk) 04:53, 8 April 2011 (UTC)
- The community's input isn't needed for #1: we don't hold RfC's on how to configure our networks or how much storage space to buy, do we? Why not? Because those are technical implementation details, just like this is. As far as #2 goes, the community's input was sought, and a non-administrator candidate has been approved by Arbcom after community input. The entire reason this change is being required is because the community endorsed a non-admin CU/OS. Given that this has gone from theoretical (e.g., Giano's recent ArbCom candidacy) to the actual, it's up to ArbCom to implement some way for our newly elected community audit committee represenative to do his job (which, ironically, is checking up on us). The reason the change is appropriate is because it takes away nothing from the community's decision making process: a CU/OS without administrator privs will be able to see things that a CU/OS needs to see, but not block/unblock, delete/restore, protect/unprotect, grant/revoke permissions, and the rest of things that go along with the administrator role. Jclemens (talk) 17:49, 7 April 2011 (UTC)
- The request for comment was well advertised. While there may only be three public comments in support, there are also no objections to a non-admin serving in this capacity. We requested members of the community to privately inform the committee of their thoughts about the candidates. And they did. Again, there were no objections to a non-admin serving in this capacity. It looks like you didn't get the memo, so could you please cut to the chase and state plainly whether or not you think a non-admin, and in particular Bahamut0013, is suitable for the audit subcommittee. The technical change is merely implementing that appointment. If there is ever another non-admin candidate for these groups, it will be advertised just like any other candidacy; if the community doesn't want non-admins in these groups, they will have an opportunity to say so. John Vandenberg (chat) 06:46, 8 April 2011 (UTC)
- No, I really don't think you should be giving advanced permissions to non-admins. I don't know how I can be any clearer than that. If this person truly has the trust of the community, they should be able to pass RFA. If they don't have the trust of the community, then why are you giving them advanced permissions? (I would be remiss if I didn't point out that the "reviewer" permission already exists today, so you could use that for this user rather than unilaterally changing permissions without discussion. I still don't think that would be a good idea, but it's an available technical means.) Unilaterally doing controversial things is one of the reasons that arbcom is thought of as being aloof and elitist, and is not particularly trusted. --B (talk) 12:56, 8 April 2011 (UTC)
- You come across as implying that if editors do not have the admin tools, they are not trustworthy. I find that very disturbing. Risker (talk) 13:14, 8 April 2011 (UTC)
- I find it very typical of a deep-rooted problem within the administrator caste. Malleus Fatuorum 13:21, 8 April 2011 (UTC)
- Thank you for making up something that has nothing whatsoever to do with what I said. I think you are seeing what you want to see. I said that if they have the trust of the community, then they should be able to pass RFA. That does not mean that all persons who have not passed RFA are inherently untrustworthy, by any remote stretch of the imagination. Nor does it even mean that all trustworthy people WILL pass RFA - just that they should. Indeed, RFA is a broken process that clearly has its faults. But what it does mean is that you shouldn't simply pretend that they have passed RFA and dispense with the process. --B (talk) 19:59, 8 April 2011 (UTC)
- You come across as implying that if editors do not have the admin tools, they are not trustworthy. I find that very disturbing. Risker (talk) 13:14, 8 April 2011 (UTC)
- The reviewer permission has nothing to do with deleted revisions - see Special:ListGroupRights. Your position is that only administrators should be eligible for advanced permissions and appointment to the Audit Subcommittee or election to the Arbitration Committee. I don't believe that this belief is widely held, but as above, I invite to initiate a community discussion to verify that. –xenotalk 13:38, 8 April 2011 (UTC)
- Clearly, I meant "researcher". --B (talk) 20:00, 8 April 2011 (UTC)
- That was an option we looked at briefly, however "researcher" is managed by the meta:Research Committee, and audit subcommittee members dont meet their pre-requisites. --John Vandenberg (chat) 07:37, 9 April 2011 (UTC)
- Clearly, I meant "researcher". --B (talk) 20:00, 8 April 2011 (UTC)
- No, I really don't think you should be giving advanced permissions to non-admins. I don't know how I can be any clearer than that. If this person truly has the trust of the community, they should be able to pass RFA. If they don't have the trust of the community, then why are you giving them advanced permissions? (I would be remiss if I didn't point out that the "reviewer" permission already exists today, so you could use that for this user rather than unilaterally changing permissions without discussion. I still don't think that would be a good idea, but it's an available technical means.) Unilaterally doing controversial things is one of the reasons that arbcom is thought of as being aloof and elitist, and is not particularly trusted. --B (talk) 12:56, 8 April 2011 (UTC)
- The request for comment was well advertised. While there may only be three public comments in support, there are also no objections to a non-admin serving in this capacity. We requested members of the community to privately inform the committee of their thoughts about the candidates. And they did. Again, there were no objections to a non-admin serving in this capacity. It looks like you didn't get the memo, so could you please cut to the chase and state plainly whether or not you think a non-admin, and in particular Bahamut0013, is suitable for the audit subcommittee. The technical change is merely implementing that appointment. If there is ever another non-admin candidate for these groups, it will be advertised just like any other candidacy; if the community doesn't want non-admins in these groups, they will have an opportunity to say so. John Vandenberg (chat) 06:46, 8 April 2011 (UTC)
- Still, you should consult the community. You do not have power to grant rights over than CU and OS, and you do not have power to change permissions affected to a usergroup. If for some reason you think doing so would be good, then you need to consult the community. The recent appointment which you mentions doesn't justify that you step outside of your authority. Cenarium (talk) 17:21, 7 April 2011 (UTC)
- You are giving me reasons why the change should be made, it's not the point of my objection, again I agree with the move. I am saying that this is not up to ArbCom to make the request. Any user (including an individual arb) can make requests on behalf of the English Wikipedia when they are non-controversial, but if they are, they should be based on an explicit community decision. This is how bugzilla works, always worked; arbcom has no special authority to make bug requests for the English Wikipedia (as you'd say, it's outside of your jurisdiction). So please, respect the community, stay within your role, you just need to consult the community on this specific point, it's no big deal. Additionally, there's no pressing need to have the matter resolved since Bahamut0013 is about to gain adminship. Finally, as a general request, I'll ask that before you make decisions, especially outside formal arbitration cases, you make sure that (i) it is within your authority (ii) it is not made in order to achieve a political goal (by political, I mean the question of what should be the WP policies, which is a matter for the community to decide, with a few exceptions). Cenarium (talk) 13:27, 8 April 2011 (UTC)
- The community elects the Arbitration Committee to oversee advanced privileges. If the community wants us to consult them on every decision we make in regards to advanced privileges, there's probably not much point to having a committee in the first place. This change has nothing to do with political goals, it's a simple technical change that should probably have been applied at a meta level long ago. As food for thought, adding viewdeleted privileges to other rights bundles is not a new concept, as seen by the list that follows. –xenotalk 14:31, 8 April 2011 (UTC)
- If this were a regular decision in regards to advanced privileges, I doubt it would have been posted on this noticeboard. It's the first time that ArbCom files a bug request requesting a change in the permissions of a usergroup, Xeno, you know very well that this is not a regular decision regarding advanced privileges. The community has delegated to the committee the authority to oversee the use of advanced permissions (granting, removing, ensuring policy compliance, etc, a task which due to its constitution is not suitable for the community to do directly), it does not extend to changing the actual permissions. I am still puzzled as to why you do not want to consult the community. The list below proves my point, fr.wp requested the changes as a result of a community decision (linked below), it was not
decreedrequested by their arbcom. Cenarium (talk) 17:37, 8 April 2011 (UTC)- I never said I didn't want to consult the community - I simply feel that a good deal of the community probably trusts the Arbitration Committee to make good decision for the betterment of the project (i.e. the role for which the Arbitration Committee is elected), and doesn't need to be asked about every minor detail. However, given your vociferous procedural opposition to a technical change that you actually support (apparently because you see this as some kind of "power grab"), I would wager the developers will ask us to consult the community (again). –xenotalk 17:44, 8 April 2011 (UTC)
- I am concerned when arbcom goes beyond its authority, yes. But in no way I've been vociferous. This isn't really a question of procedure, but of staying within its role. This isn't a minor detail, this is a configuration change (requiring a bug request, etc), apparently politically charged. The community trusts arbcom to a reasonable extent, provided that it stays within its role. Most of the big controversies around arbcom resulted of arbcom going outside of its role. I've long been concerned by this, over the years I've seen several decisions which were going way beyond the role of arbcom. I won't expose the well-known ones (e.g. the ACPD), I'll just give two examples. Arbcom in Macedonia 2 'strongly advised' the community to effectively ban the replacement of "Macedonia" by "FYROM" (any instances of changing the word "Macedonia" to "FYROM" (...) shall be prevented) using the abusefilter. This is a content ruling, absolutely outside of arbcom's remit, and the suggestion to use the abusefilter to control content is appalling, I don't understand why there hasn't been more consideration given to objections by fellow arbs (note that the community never followed the advise). Another case which worried me is when several arbs wanted to formally request that the toolserver management "reevaluate the propriety of MZMcBride's continued access to the toolservers", that is to say, they pushed to remove MZMcBride's toolserver access. And that based on flimsy grounds, while there were no indication that the community wanted this, disregarding the benefits of MZM's access, it was obviously outside of their role, arbcom just can't make requests on behalf of en.wp to other sites, hopefully this didn't pass. Yes, I think the community should be watchful of arbcom's excursions outside of its authority. Cenarium (talk) 01:20, 9 April 2011 (UTC)
- I never said I didn't want to consult the community - I simply feel that a good deal of the community probably trusts the Arbitration Committee to make good decision for the betterment of the project (i.e. the role for which the Arbitration Committee is elected), and doesn't need to be asked about every minor detail. However, given your vociferous procedural opposition to a technical change that you actually support (apparently because you see this as some kind of "power grab"), I would wager the developers will ask us to consult the community (again). –xenotalk 17:44, 8 April 2011 (UTC)
- If this were a regular decision in regards to advanced privileges, I doubt it would have been posted on this noticeboard. It's the first time that ArbCom files a bug request requesting a change in the permissions of a usergroup, Xeno, you know very well that this is not a regular decision regarding advanced privileges. The community has delegated to the committee the authority to oversee the use of advanced permissions (granting, removing, ensuring policy compliance, etc, a task which due to its constitution is not suitable for the community to do directly), it does not extend to changing the actual permissions. I am still puzzled as to why you do not want to consult the community. The list below proves my point, fr.wp requested the changes as a result of a community decision (linked below), it was not
- The community elects the Arbitration Committee to oversee advanced privileges. If the community wants us to consult them on every decision we make in regards to advanced privileges, there's probably not much point to having a committee in the first place. This change has nothing to do with political goals, it's a simple technical change that should probably have been applied at a meta level long ago. As food for thought, adding viewdeleted privileges to other rights bundles is not a new concept, as seen by the list that follows. –xenotalk 14:31, 8 April 2011 (UTC)
- en.wp 'researcher' includes 'browsearchive', and 'deletedhistory'
- fi.wp 'arbcom' includes 'deletedhistory', 'deletedtext', and 'undelete'
- fr.wp 'checkuser' includes 'browsearchive', 'deletedhistory' and 'deletedtext'
- hi.wp 'eliminator' includes 'delete', 'undelete', 'rollback', 'browsearchive', 'deletedhistory', and 'deletedtext'
- nl.wp 'checkuser' includes 'deletedhistory', 'deletedtext', and 'browsearchive'
- nl.wp 'arbcom' includes 'deletedhistory', 'deletedtext', and 'browsearchive'
- pt.wp 'eliminator' includes 'browsearchive', 'delete', 'nuke', 'undelete', 'deletedhistory', 'deletedtext', 'autopatrol', and 'suppressredirect'
- (list prepared by User:John Vandenberg)
- The researcher usergroup has been mandated by the WMF, it's not 'under the jurisdiction' of the community, or Arbcom. The addition of the rights to the CU group by the french wikipedia was the result of a community decision, fr:Wikipédia:Prise de décision/Droits supplémentaires aux vérificateurs d'adresses IP. I would be surprised that this would not be the case for all others. The English Wikipedia arbcom is comparatively the most powerful of arbcoms in wmf wikis, and by far. Cenarium (talk) 16:38, 8 April 2011 (UTC)
break
- The Arbitration Committee does not control how userrights are configured, and is not trying to. This announcement is a request from ArbCom that the developers institute these changes. If any members of the community disagree then, rather than criticising the request, they might instead try to get a community consensus in support of not making the changes. I do happen to think that the configuration of the CU/OS userrights is the purview of the arbitrators, but that's not relevant to this discussion because, as I said, this is a request, not a directive. AGK [•] 13:59, 8 April 2011 (UTC)
- Your position is contradictory. On one hand you say it's just a request, nothing like a decision. On the other hand, you say that instead of, as always, requiring consensus for making changes, the burden of consensus building should be reversed and it's up to the opposers to build a consensus against the move; but then it's not 'just a request', since according to you it reverses the burden of consensus. And no, the configuration of the CU/OS rights is certainly not under the purview of arbs, it's under the purview of the WMF and their devs; and they'd never give arbcom the 'purview' to configure such highly sensitive permissions. The community can decide to add some existing rights to the CU usergroup where it makes sense, but certainly not arbcom which has no authority to make bug requests on behalf of en.wp.
- In addition, there has been a community decision on a related subject, Wikipedia:Village pump (proposals)/Persistent proposals/Straw poll for view-deleted. Remember that this discussion was done at the request of ArbCom ? It was soundly rejected, and Mike Godwin even made clear that this was not going to happen for legal reasons. Of course this is of little relation to this case since CU/OS have higher requirements, but this shows that you should really not do things like that without community consultation. Cenarium (talk) 16:38, 8 April 2011 (UTC)
- I think there's a fairly simple solution here. If a user is granted CU but is not an admin they still can't block anybody, so there's really no problem there. Persons using OS who have the ability solely for AUSC purposes should be required to limit their use of the tool to viewing only and should not be able to actually suppress material without going through the regular process. Although I had thought that, as has been mentioned, the Foundation said we can't give the ability to see deleted contribs to non-admins. I can't imagine how there is any legal basis to that position, we don't know the real life identities of most admins and we do know them, or at least the Foundation does, for functionaries. Beeblebrox (talk) 19:54, 8 April 2011 (UTC)
- oppose. If someone is trusted to be a CU, they're trusted to be an admin - although it does bring up "why do we allow resigned, retired or kicked-out-at-the-last-election'd arbitrators to keep associated userrights, userrights normally granted after a display of community trust, when the fact that they weren't re-elected or don't hold the associated role any more indicates they aren't trusted?" Ironholds (talk) 01:04, 9 April 2011 (UTC)
- So you too are implying that anyone without an admin flag is untrustworthy. I actually find this more concerning than any of the other arguments on this page, and it bodes very poorly for the project that at least some administrators think the only trustworthy people on the project are...them. Risker (talk) 01:23, 9 April 2011 (UTC)
- No he does not imply this. Please take more care at reading what users say before jumping to make such unfounded allegations. Cenarium (talk) 01:30, 9 April 2011 (UTC)
- I don't know, that is certainly how I read it, and I know it's how a lot of non-admins read it too; perhaps you are correct, though, and what he means is that we should give adminship to anyone we appoint as checkusers. I can't, however, imagine that such an idea would get even a single support within the Arbitration Committee. Risker (talk) 01:34, 9 April 2011 (UTC)
- Not at all; I'm suggesting that anyone without the admin flag has not got the required stamp of approval to be classified as that trustworthy. Sure, you can know the law perfectly - but nobody hires you as a lawyer without the exams to back it up. X or Y can be the most level-headed individuals to ever be considered for CU access - but without some sort of formal validation by the community, we have no reason to assume they are trusted to that degree. You don't seem to have actually read what I wrote. I didn't say "give all checkusers admin status", I said "*don't* give checkuser status to those who aren't admins". There's a gap between "trustworthy" and "trustworthy enough to get [specific and dedicated access]". Ironholds (talk) 01:38, 9 April 2011 (UTC)
- Risker is quite right. The idea that all administrators are trusted to even find their own arses using both hands is quite simply risible. Malleus Fatuorum 02:35, 9 April 2011 (UTC)
- I am relieved to hear that you don't consider the option to grant adminship by fiat as viable alternative, as the way Jclemens presented this as the only other option had me worried. That being said, it's really not helpful to make sarcasm of the position of others. I want to add that everyone wants high standards for granting CU/OS, and that it is perfectly reasonable to consider that passing RFA is a legitimate test of the trust of a user and provides for scrutiny and feedback (and would certainly provide much more than the CU/OS or AUSC elections as currently practiced). Cenarium (talk) 01:58, 9 April 2011 (UTC)
- Not at all; I'm suggesting that anyone without the admin flag has not got the required stamp of approval to be classified as that trustworthy. Sure, you can know the law perfectly - but nobody hires you as a lawyer without the exams to back it up. X or Y can be the most level-headed individuals to ever be considered for CU access - but without some sort of formal validation by the community, we have no reason to assume they are trusted to that degree. You don't seem to have actually read what I wrote. I didn't say "give all checkusers admin status", I said "*don't* give checkuser status to those who aren't admins". There's a gap between "trustworthy" and "trustworthy enough to get [specific and dedicated access]". Ironholds (talk) 01:38, 9 April 2011 (UTC)
- I don't know, that is certainly how I read it, and I know it's how a lot of non-admins read it too; perhaps you are correct, though, and what he means is that we should give adminship to anyone we appoint as checkusers. I can't, however, imagine that such an idea would get even a single support within the Arbitration Committee. Risker (talk) 01:34, 9 April 2011 (UTC)
- No he does not imply this. Please take more care at reading what users say before jumping to make such unfounded allegations. Cenarium (talk) 01:30, 9 April 2011 (UTC)
- So you too are implying that anyone without an admin flag is untrustworthy. I actually find this more concerning than any of the other arguments on this page, and it bodes very poorly for the project that at least some administrators think the only trustworthy people on the project are...them. Risker (talk) 01:23, 9 April 2011 (UTC)
- I would be concerned about this proposal. The idea of handing out these rights was always that there was a degree of progression, with adminship being the entry level, if you like. The reason that matters (whether you think RfA is broken or not) is that there are lots of eyes on the candidate during RfA, so the hope is that, if there's an obvious issue, it will be spotted. The fewer eyes, the less likely that is to happen, and the benefits of extending CU and oversight access aren't obvious anyway. Is there a problem of not having enough CU candidates? SlimVirgin TALK|CONTRIBS 01:16, 9 April 2011 (UTC)
- As a matter of fact, yes there have been issues with inadequate numbers of both CU and OS candidates. However, unless I am mistaken this adjustment is just for purposes of the audit subcommittee. These users would not be involved in blocking anyone or actually suppressing anything, they would be auditing the work of the users who were appointed through the more traditional processes. I mentioned this earlier but nobody seemed to notice. Beeblebrox (talk) 02:35, 9 April 2011 (UTC)
- "These users" is just one, at the moment, but yes: the entire point of decoupling permissions is to allow the isolated function of review of advanced permission use, without being able to function as or needing to be "an administrator". Jclemens (talk) 02:47, 9 April 2011 (UTC)
- RfAs are often many years old, and many current sysops say they wouldn't pass another RfA now, so how useful is that as a prereq? My preference is that all OS/CU/AUSC appointments are done after an election, because at least that is fresh data, and focused on the candidates application for the specific role. However the committee has chosen to return to use a committee vote for the selection process, and it seems to be working ok as well. The "many eyes" of an RfA can also be brought to bear on the nomination pages, with the added benefit that ArbCom allows for private opinions. John Vandenberg (chat) 07:55, 9 April 2011 (UTC)
- John, the reason I mentioned RfA wasn't for the popularity aspect, but because many eyes were on that person's contribs, which would often (not always) throw up any very serious issue. If the Committee is also not requiring elections for CU/OS, and wants applicants not to have been through an RfA, that means no community input of any kind is backing that candidate. It would mean the ArbCom alone simply choosing who to give CU/OS to, and who to place on the functionaries list. And realistically that will mean maybe just one or two people on the ArbCom, because when someone is suggested, the others won't want to object unless the objection is very serious. This can't be a good thing. SlimVirgin TALK|CONTRIBS 18:24, 9 April 2011 (UTC)
- It can be helpful in some cases, which is already a good thing. Just so that this is clear, I think adminship should be a requirement for regular CU/OS because this work requires to perform tasks often similar to adminship so this allows to see how good the user is at it, CU/OS is really just particularly sensitive admin work, and there are a good many practical advantages (for example, it's nice for an oversighter to be able to delete pages). However I don't view this as a requirement for ArbCom or AUSC (hence my support for the technical change, also for a few other minor reasons). Regarding at-large AUSC members, I think they should be elected together with arbitrators in the annual arbcom elections. Regarding the regular CU/OS appointments, it's true to an extent that an election may not have been the best appointment process, but I think the way this is practiced now doesn't invite enough community participation, whether you want it or not, people will be more inclined to participate if they can make a 'vote' that can make the difference. This is why we could have a confirmation vote, with a majority needed to confirm the candidacy, but whose comparative results doesn't bind arbcom appointments. Cenarium (talk) 16:28, 9 April 2011 (UTC)
- I partially agree with Cenarium. The mop itself is not the point, for me. Community approval is a prerequisite for adminship, so it concerns me that somebody (not wishing to make this personal, I've a lot of respect for Bahamut) can be appointed to a position thought of as "higher" than adminship without any community approvals process. I would have no problem with a non-admin being elected or installed by consensus as a functionary/auditor/arb, because that shows that the person has the community's trust. HJ Mitchell | Penny for your thoughts? 18:14, 9 April 2011 (UTC)
- It can be helpful in some cases, which is already a good thing. Just so that this is clear, I think adminship should be a requirement for regular CU/OS because this work requires to perform tasks often similar to adminship so this allows to see how good the user is at it, CU/OS is really just particularly sensitive admin work, and there are a good many practical advantages (for example, it's nice for an oversighter to be able to delete pages). However I don't view this as a requirement for ArbCom or AUSC (hence my support for the technical change, also for a few other minor reasons). Regarding at-large AUSC members, I think they should be elected together with arbitrators in the annual arbcom elections. Regarding the regular CU/OS appointments, it's true to an extent that an election may not have been the best appointment process, but I think the way this is practiced now doesn't invite enough community participation, whether you want it or not, people will be more inclined to participate if they can make a 'vote' that can make the difference. This is why we could have a confirmation vote, with a majority needed to confirm the candidacy, but whose comparative results doesn't bind arbcom appointments. Cenarium (talk) 16:28, 9 April 2011 (UTC)
I urge Bahamut to stand for RfA if he wants to obtain CU/OS, then take it from there. We can't have situations where the rules are changed to accommodate one person (I mean no disrespect to Bahamut; I know nothing about him, so I'm speaking generally). We had a situation during the last ArbCom election where people were suggesting we change the rules mid-election about identifying to the Foundation. That kind of thing takes us in the wrong direction.
We want to become fairer as a community, less cabal-oriented, more professional. The Foundation has just made it a priority to recruit new editors and retain established ones, because the trend shows people are leaving and not arriving in the same numbers. The one thing that has plagued us for years is this appearance of cabalism at the top; and it doesn't matter whether it's accurate or not—we know it often isn't accurate—but the perception of it increases every time there's one of these proposals aimed at a specific person or group. Please, let's just stick to the system we have. Almost everyone who really wants to succeed at RfA does so in the end, if they keep plugging away at it—so for one person simply to refuse, but to ask for the higher permissions anyway, that's not something we should encourage. SlimVirgin TALK|CONTRIBS 18:34, 9 April 2011 (UTC)
- He has CU and OS and he is standing at RfA. HJ Mitchell | Penny for your thoughts? 18:48, 9 April 2011 (UTC)
- Then I'm confused on two points: (a) I thought this was a discussion about whether to make a technical change that would allow a non-admin to have CU; and (b) if he's standing for adminship anyway, what's the issue? SlimVirgin TALK|CONTRIBS 21:54, 9 April 2011 (UTC)
- There are some weirdness with how the tools actually work. OS without Admin allows one to see deleted revisions... but not if the page itself has been deleted. Jclemens (talk) 02:08, 10 April 2011 (UTC)
- Then I'm confused on two points: (a) I thought this was a discussion about whether to make a technical change that would allow a non-admin to have CU; and (b) if he's standing for adminship anyway, what's the issue? SlimVirgin TALK|CONTRIBS 21:54, 9 April 2011 (UTC)
- (ec) To your point about "accomodat[ing] one person", the fact is that Wikipedia's existing permission structures are pretty antiquated and don't follow security best practices. That's true with or without a non-admin functionary at the moment. Granted, Giano faced a number of self-imposed barriers to actually winning election to ArbCom, but there was a sizeable minority of folks who said "Why can't a non-admin serve on ArbCom?" So, given the proximate issue, we're solving the wider technical issue. By next ArbCom election, we should have the technical means for a non-admin to fulfill the ArbCom roles, such that what the community gets to decide is whether or not any particular non-admin is suited for the role. That's as anti-cabal as it comes. Jclemens (talk) 18:49, 9 April 2011 (UTC)
- The issue with Giano is that he didn't want to identify with the Foundation; his becoming an Arb without being an admin wasn't a concern that I'm aware of. The difficulty with making the technical change is the danger of Arbs alone deciding to give someone CU—without there having been an RfA, without there having been a CU election, without there having been an election for promotion to ArbCom. That's where the cabalism unease will come from, not to mention that editors will be worried that someone who hasn't been through any of those processes will have access to their IP addresses. SlimVirgin TALK|CONTRIBS 21:54, 9 April 2011 (UTC)
- I don't disagree with your summary of Giano's candidacy's failure, but the fact that he wasn't elected and thumbed his nose at the notion of identifying only postponed the need to intelligently deal with non-administrator functionaries. We have been actively debating whether a read-logs-only role (that is, access to who CU'ed who when) without the ability to rerun checkuser actions to verify that the conclusions reached followed logically from the findings would be sufficient for a non-admin Arb or a non-admin audit subcommittee member. Fundamentally, if we take away the "admin" bits, an auditor-like role could oversee other functionary use of the tools, without actually having the ability to initiate e.g. CU's on their own. While some appear to have assumed that no non-administrator could be appointed to CU or OS, the committee has not seen that as a barrier--one of the top three most recent audit subcommittee community applicants, based on both community feedback and ArbCom validation of that feedback, was a non-admin. Now, he appears to be well on the way to having that level of confidence confirmed by his own RfA, but that's somewhat beside the point: it wasn't a showstopper. Jclemens (talk) 02:06, 10 April 2011 (UTC)
- That's exactly what I'm finding odd about this entire discussion. The AUSC appointments were widely advertised and open for comment for quite some time. Its only now that these objections are being raised. I took the time to review the candidates and add my own comments at the time. I didn't comment on Bahamut0013 because I didn't have anything to say. I don't recall any significant interactions with him and there were no obvious red flags. There was an open process where user input was specifically requested. The fact that it wasn't in the snake pit at RFA doesn't change that. Beeblebrox (talk) 03:11, 10 April 2011 (UTC)
- I don't disagree with your summary of Giano's candidacy's failure, but the fact that he wasn't elected and thumbed his nose at the notion of identifying only postponed the need to intelligently deal with non-administrator functionaries. We have been actively debating whether a read-logs-only role (that is, access to who CU'ed who when) without the ability to rerun checkuser actions to verify that the conclusions reached followed logically from the findings would be sufficient for a non-admin Arb or a non-admin audit subcommittee member. Fundamentally, if we take away the "admin" bits, an auditor-like role could oversee other functionary use of the tools, without actually having the ability to initiate e.g. CU's on their own. While some appear to have assumed that no non-administrator could be appointed to CU or OS, the committee has not seen that as a barrier--one of the top three most recent audit subcommittee community applicants, based on both community feedback and ArbCom validation of that feedback, was a non-admin. Now, he appears to be well on the way to having that level of confidence confirmed by his own RfA, but that's somewhat beside the point: it wasn't a showstopper. Jclemens (talk) 02:06, 10 April 2011 (UTC)
- The issue with Giano is that he didn't want to identify with the Foundation; his becoming an Arb without being an admin wasn't a concern that I'm aware of. The difficulty with making the technical change is the danger of Arbs alone deciding to give someone CU—without there having been an RfA, without there having been a CU election, without there having been an election for promotion to ArbCom. That's where the cabalism unease will come from, not to mention that editors will be worried that someone who hasn't been through any of those processes will have access to their IP addresses. SlimVirgin TALK|CONTRIBS 21:54, 9 April 2011 (UTC)
- My concern is that we've had security failures—if that doesn't sound too dramatic—after RfAs (people turning out to be someone else, or a banned user, etc). And we've had a couple of similar problems after ArbCom elections. So those two processes are very imperfect. But the solution is not to have almost no transparent process at all, because that's likely to mean more mistakes.
- The ability to read everyone else's CU results going back several months has the potential to cause real harm when IPs are exposed, but a search like that isn't logged anywhere, because it's just passive looking. So there has to be some kind of filter for CU candidates—no matter how imperfect—that involves many eyes, whether it's an RfA or an ArbCom election, or a rigorous CU election process. Hardly anyone seems even to know when or how these CU appointments are made. For example, how did Bahamut come to be chosen from Wikipedia:Arbitration Committee/Audit Subcommittee/2011 appointments? (Again, no disrespect intended; I just don't know what the process is.)
- The issue for me isn't—this person isn't an admin. The issue is—this person has been selected by a very small number of people, and it's not clear that they've demonstrated a need for the tools, or a prior interest in doing the kinds of things the tools are needed for. SlimVirgin TALK|CONTRIBS 04:08, 10 April 2011 (UTC)
- Slim, do you have a problem with the technical change being proposed (to let CU and OS see deleted pages)? The policy issue (whether non-admins can have those permissions) is separate. OS can see suppressed edits, which are presumably even more sensitive than deleted pages, so letting them see deleted pages seems like a no-brainer. CU is a little bit different, but CU's are authorized to handle confidential about users, so I'd think they can also be trusted with deleted pages. But giving deleted page access to OS's while withholding it from CU's would in any case serve AUSC's purpose since AUSC members get both permissions. I also like the idea of letting auditors see the audit log of CU access without seeing the actual CU results, though the log itself is also privacy-sensitive. Finally, IMHO, re the appointments, arbcom made good choices. At least going by the candidate statements, Bahamut and Keegan seem like the best qualified (some others were pretty good too of course). And for "cabal"-phobes, Bahamut and Keegan's apparent prior relative non-involvement(?) in wiki-politics actually makes them more attractive as outside monitors. 75.57.242.120 (talk) 06:46, 10 April 2011 (UTC)
- Point of order, although the CU bit lets you examine a log of checks that have been ran, you cannot see what was revealed in that check without actually rerunning the check yourself, and therefore making an entry in the log. (Though, to be fair, an intelligent person could figure some information out just be examining what was logged in a rapid sequence.) Courcelles 08:15, 10 April 2011 (UTC)
- Slim, do you have a problem with the technical change being proposed (to let CU and OS see deleted pages)? The policy issue (whether non-admins can have those permissions) is separate. OS can see suppressed edits, which are presumably even more sensitive than deleted pages, so letting them see deleted pages seems like a no-brainer. CU is a little bit different, but CU's are authorized to handle confidential about users, so I'd think they can also be trusted with deleted pages. But giving deleted page access to OS's while withholding it from CU's would in any case serve AUSC's purpose since AUSC members get both permissions. I also like the idea of letting auditors see the audit log of CU access without seeing the actual CU results, though the log itself is also privacy-sensitive. Finally, IMHO, re the appointments, arbcom made good choices. At least going by the candidate statements, Bahamut and Keegan seem like the best qualified (some others were pretty good too of course). And for "cabal"-phobes, Bahamut and Keegan's apparent prior relative non-involvement(?) in wiki-politics actually makes them more attractive as outside monitors. 75.57.242.120 (talk) 06:46, 10 April 2011 (UTC)
- The issue for me isn't—this person isn't an admin. The issue is—this person has been selected by a very small number of people, and it's not clear that they've demonstrated a need for the tools, or a prior interest in doing the kinds of things the tools are needed for. SlimVirgin TALK|CONTRIBS 04:08, 10 April 2011 (UTC)
- Well I'm sorry (and surprised) to have kicked off so much drama with what I thought was a non-provocative query. My thoughts:
- I don't have any problem with the bugzilla ticket on purely technical grounds, for reasons described just above (in my reply to SlimVirgin). The policy concerns of giving CU/OS to non-admins are separate (and valid), though Bahamut seems to be passing RFA nicely right now. More generally I'd say future AUSC appointments should get more attention from users if they have concerns.
- Re Jclemens "security best practices": I've long felt that access to deleted pages is the most powerful and dangerous ability that admins have. Just about everything else (blocking, deleting the main page, etc.) can only cause on-wiki disruption that's usually easily reversed. Deleted-page access is apparently unaudited and conceivably makes far-reaching disclosures (obnoxious BLP material, say) that can only be undone by erasing the person's mind. For that I'd consider CU/OS to be "cumulative" rather than "standalone" in terms of trust level, if they allow access to deleted pages.
Admin has never been treated as "root access"--that's why we used to say "adminship is no big deal", because admin tool operations were considered reversible. Adminship is a big deal now mostly for policy reasons (admins have much more authority in DR than they used to) rather than "security" (controlling access to the technical tools). (FWIW, I'm squicked out by the existence of "researcher" and I wonder what purposes that bit has been used for--I guess I should read the meta page about it...)
- I think the viewing of deleted pages by admins and others should be logged by the software with the logs visible to CU, for reasons given above. That gets off-topic for this discussion though.
- I don't see a problem with the idea of arbcom endorsing a bug report/RFE. They've certainly informally encouraged various software changes in the past.
- Before Bahamut's situation arose, I kind of doubt it occurred to anyone in this discussion that CU/OS didn't already have access to deleted pages, and I doubt anyone would have minded if they did. So I don't see much point to getting worked up about it on the technical side now. I thought we had gotten past the idea of turf battles between users and arbcom.
- 75.57.242.120 (talk) 07:26, 10 April 2011 (UTC)
- You don't need to be sorry for sparking questions. As I see it, you have several members of ArbCom explaining politely to several dedicated community members what we were thinking and wny. As far as access to deleted pages goes, I suppose I could use a little bit more education on why it's such a big deal. Bad person A writes something, user B notices, Admin C revdel's and contacts oversight, Oversighter D removes it from admin view, and audit subcommittee member E reads it later. Actions of A, C and D are logged, but B is not (and B may be Google's indexing service). While B may have a time-limited window and E does not, what, precisely, is E going to do with something which was posted publicly then oversighted to cause harm to the project? I get that a lot of stuff is icky, nasty, defamatory, whatever... but not how access by one or more non-admin oversighters will make a significant difference in the risk profile. Jclemens (talk) 07:44, 10 April 2011 (UTC)
- I'm talking about bad stuff that is deleted but not oversighted (there are tons of it). Most admin tool misuse (delete main page, block Jimbo) is visible and can be undone easily. From what I understand, accessing deleted pages by admins isn't even detectable. I think you can figure out the rest. This doesn't pertain to AUSC (which is why I called it off-topic); it's just pointing out a flaw in the theory that admin tool use is reversible. 75.57.242.120 (talk) 16:37, 10 April 2011 (UTC)
- You don't need to be sorry for sparking questions. As I see it, you have several members of ArbCom explaining politely to several dedicated community members what we were thinking and wny. As far as access to deleted pages goes, I suppose I could use a little bit more education on why it's such a big deal. Bad person A writes something, user B notices, Admin C revdel's and contacts oversight, Oversighter D removes it from admin view, and audit subcommittee member E reads it later. Actions of A, C and D are logged, but B is not (and B may be Google's indexing service). While B may have a time-limited window and E does not, what, precisely, is E going to do with something which was posted publicly then oversighted to cause harm to the project? I get that a lot of stuff is icky, nasty, defamatory, whatever... but not how access by one or more non-admin oversighters will make a significant difference in the risk profile. Jclemens (talk) 07:44, 10 April 2011 (UTC)