
Confirmation of flag assignment by other bureaucrats
Open, Normal, Public, Feature

Description

This proposal is mainly for large Foundation projects, but I think, for other major projects based on MediaWiki, it will also be useful.

Sometimes the bureaucrat flag is given, or people want to give it, to participants who don't have an administrator flag. But the administrator flag can be given by a bureaucrat with one mouse click, without any control. This can be done by an angry community member or by a person who stole the account.

What if you create a setting that would allow you to give an administrator flag, or any other flag, only with the confirmation of another bureaucrat? This will protect the community from sudden violations with the bureaucrat flag. It will also allow the bureaucrat flag to be given without an administrator flag, since there will be no worries that the bureaucrat will give an admin flag to himself.

Event Timeline

Iniquity created this task. (Tue, Aug 20, 2:35 PM)
Restricted Application added a subscriber: Aklapper. (Tue, Aug 20, 2:35 PM)
Iniquity changed the subtype of this task from "Task" to "Feature Request". (Tue, Aug 20, 2:36 PM)
Iniquity updated the task description.
Iniquity renamed this task from Flag confirmation by other bureaucrats to Confirmation of flag assignment by other bureaucrats. (Tue, Aug 20, 2:42 PM)
DannyS712 added a subscriber: DannyS712. (Edited, Tue, Aug 20, 2:42 PM)

The second use case (not granting self admin) is similar to T44072. It can also be implemented separately - this task calls for requiring two 'crat accounts working together to be able to grant +sysop, while the second idea here and the linked task call for, similar to the distinction between wgGroupsAddToSelf and wgAddGroups, something like wgGroupsAddToOthers (and remove).

sbassett triaged this task as Normal priority. (Tue, Aug 20, 2:47 PM)
sbassett removed a project: Security-Team-Reviews.

If the first use-case (requiring a second bureaucrat's confirmation to promote admins) is done, it should be opt-in only, and should not have any effect if a wiki only has a single bureaucrat for (hopefully) obvious reasons.
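A small model of the confirmation rule discussed in this task, as an added example that is not part of the task, the linked patch, or MediaWiki itself. The `Wiki` class, the `confirm_groups` setting and the account names are hypothetical; the model covers the opt-in behaviour and the single-bureaucrat case raised above.

```python
from dataclasses import dataclass, field

@dataclass
class Wiki:
    groups: dict                                      # user -> set of group names
    confirm_groups: set = field(default_factory=set)  # hypothetical opt-in setting; empty = current behaviour
    pending: dict = field(default_factory=dict)       # (target, group) -> proposing bureaucrat

    def bureaucrats(self):
        return {u for u, g in self.groups.items() if "bureaucrat" in g}

    def grant(self, actor, target, group):
        """Return 'granted' or 'pending'; raise if actor is not a bureaucrat."""
        crats = self.bureaucrats()
        if actor not in crats:
            raise PermissionError(f"{actor} is not a bureaucrat")
        # Confirmation applies only if the wiki opted in for this group and
        # a second bureaucrat exists to confirm.
        if group not in self.confirm_groups or len(crats) < 2:
            return self._apply(target, group)
        key = (target, group)
        proposer = self.pending.get(key)
        # A repeat click by the proposer, or a proposer who has since lost
        # the bureaucrat flag, does not count as a confirmation.
        if proposer is None or proposer == actor or proposer not in crats:
            self.pending[key] = actor
            return "pending"
        del self.pending[key]
        return self._apply(target, group)

    def _apply(self, target, group):
        self.groups.setdefault(target, set()).add(group)
        return "granted"

def demo():
    # Constructed sample accounts.
    wiki = Wiki(groups={"Alice": {"bureaucrat"}, "Bob": {"bureaucrat"}, "Carol": set()},
                confirm_groups={"sysop"})
    return [
        wiki.grant("Alice", "Alice", "sysop"),  # self-grant waits for a second bureaucrat
        wiki.grant("Alice", "Alice", "sysop"),  # clicking again changes nothing
        wiki.grant("Bob", "Alice", "sysop"),    # Bob confirms, flag is applied
    ]

if __name__ == "__main__":
    print(demo())
```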

Change 531319 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] Add wgGroupsRemoveFromOthers and wgGroupsAddToOthers user group configuration options.

https://gerrit.wikimedia.org/r/531319

Sorry, that patch is primarily for T44072

I'm wondering why the problems cannot be solved by simply removing the b'crat flag from the angry community member or stolen account. Why don't we keep things simple, stupid? If the logic goes like this, do we need two CUers to CU, two OSers to OS? Or do we need to have two stewards together to do something?