I don't want anything to stand in the way of good users Perhaps something similar to autoconfirmed as Thehelpfulone suggested, i.e. X total edits across all Wikimedia projects (or on a single Wikimedia project), and account was created Y days ago. There are details to work through with that (e.g. how do we verify bugzilla user a...@b.com owns the global account they say they do?), but I think it's a good approach.
Dan On 6 November 2013 15:38, Rob Lanphier <ro...@wikimedia.org> wrote: > On Wed, Nov 6, 2013 at 5:24 AM, MZMcBride <z...@mzmcbride.com> wrote: > > > Our Bugzilla installation at <https://bugs.wikimedia.org/> currently > > restricts the capabilities of new users as a knee-jerk response to prior > > Bugzilla-related vandalism. There are further details at > > <https://bugzilla.wikimedia.org/40497>. > > > > > As I recall, Mark Hershberger and Ariel Glenn were the ones that dealt with > most of the aftermath of the attacks that we received that ultimately led > to it being turned off. It was not a knee jerk response. We temporarily > turned it off and turned it back on a few days later, only to have dozens > (hundreds?) of bugs altered in a way that was not easily reversed. > > In consulting with the Bugzilla developers (I believe I may have sent a > public mail about this to their list), their answer was essentially that > Bugzilla was never designed for giving editbugs to untrusted users, and > that by doing so, we had what was coming to us. > > We tried reversing it several times, and each time were rewarded with an > arduous cleanup task. We gave up trying after months. So, calling it > "kneejerk" is simply wrong. We had a determined vandal who may still be > among us, and will likely exploit whatever loophole we open up. > > > Increasingly new users are making manual requests to be assigned to bugs, > > as they cannot edit others' bugs by default. This is problematic and > > disruptive to development efforts. > > > > My suggestion is to re-add the "editbugs" user right to new users by > > default (revert the old settings adjustment). Otherwise, an acceptable > > workaround needs to be found. > > > > I don't think we can pretend that the vandalism issue is solved, because it > isn't. Bugzilla doesn't have the vandalism fighting tools that MediaWiki > does. > > We can certainly do something different than what we're doing, though. It > should be easy to get editbugs; just not so easy that a vandal can get it. > > Anyone have any ideas how to mitigate the vandalism problem? > > Rob > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > -- Dan Garry Associate Product Manager for Platform Wikimedia Foundation _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l