When decreasing the protection level, a page is sometimes saved with "move=autoconfirmed" only, which has no effect since move is restricted to autoconfirmed users (on Wikipedia). It's an inconvenience for maintenance activities and it confuses bots. So when a page is saved with "move=autoconfirmed" only, could it be read as an unprotection by mediawiki?
Better still, change the interface so that move=autoconfirmed isn't even an option (move protection really only needs to be a checkbox, 'sysop' or nothing, on wikis without additional levels).
This might require some fairly tricky logic to pull off in the general case. I really don't think we want to write specific hacks for particular permissions setups, although admittedly the protection system is full of those as-is . . .
I thought about this somewhat after it was brought up on enwiki's village pump. The main issue is that it requires the software to "know" the hierarchy of protection levels. Protection levels are technically based on rights, not groups. The 'sysop' in $wgRestrictionLevels is treated as 'protect'. I guess what you'd have to do is look up all the groups that have a given permission (such as 'move') and then you'd need some logic to determine if the requested configuration (move=autoconfirmed) is equivalent to or less restrictive than the default. Since restrictions can have separate expires, this would also need to be checked whenever a permission expires.
The other option is redoing the protection config variables. Instead of having separate $wgRestrictionTypes and $wgRestrictionLevels, have a combined $wgRestrictions or something with a format like
$wgRestrictions = array('edit'=>array('autoconfirmed', 'sysop'), 'move'=>array('sysop'));
though the protection form and any other uses of the protection types/levels variables would have to support both config options for backwards compatibility, which could potentially be ugly.
Yeah, that's the basic problem: how do you figure out if one right implies another? What happens, for that matter, if a sysadmin changes $wgGroupPermissions -- suddenly all protections of a given type should vanish?
It might make more sense to allow *manual* specification of a certain type of protection that should be prohibited. So you could do something like
$wgProhibitedRestrictions['move'] = 'autoconfirmed';
to achieve the desired effect, say. You might need to fiddle with the UI considerably to make this work nicely, though.
It would probably be better to change the semantics of $wgRestrictionLevels to allow separate arrays for each action, as in:
$wgRestrictionLevels = array(
'edit' => array( '', 'autoconfirmed', 'protect' ), 'move' => array( '', 'protect' ),
(I _think_ PHP arrays are sufficiently flexible that we could support both the current and the proposed syntax, or even a mixture of the two, with the same variable. The alternative, of course, would be to introduce a new config variable and deprecate $wgRestrictionLevels.)