Forum:Limiting access to the AbuseFilter extension
After some concerns have been raised over the damaging potential of AbuseFilter, and discussing with some other people who are active and competent in its use, I think that it would be best if we create a new usergroup for abusefilter managers. The new group:
- Will contain all rights associated with abusefilter. The right that allows all actions by a certain filter to be reverted will remain in the sysop group.
- Can be requested by any admin,
via starting a forum on the Yew Grovevia a section on the bureaucrat requests page, with a short response time for comments. In that forum, the candidate should provide some sort of example of their proficiency in that area.
The rational behind this is quite simple:
- AbuseFilter can be easily abused, and can do some very harmful things (such as removing all extra groups from a user, including a bureaucrat or sysop - not sure about global rights).
- AbuseFilter can be easily misused by someone who isn't very competent with the workings of it.
While neither of these things have happened yet, nor would I expect them to happen, I can see someone like liquid helm going to "fix" a filter per a request at RS:AR, and breaking something. Basically, it makes sense if access to this was limited to people who know how to use it. I personally don't think that the requesting process should be very difficult, but the candidate should be able to demonstrate their knowledge of the extension.
Support - I guess there are possible major implications.
However, I feel that making a Yew Grove thread for each request is a bit excessive, perhaps sysops should ask for the tools on 'crat requests and include a short paragraph demonstrating understanding. Ajr changed it so full support then. 222 talk 01:10, April 15, 2011 (UTC)
Strong support - Great idea. Per nom. Suppa chuppa 01:39, April 15, 2011 (UTC)
- I think it was a hypothetical situation. Suppa chuppa 02:51, April 15, 2011 (UTC)
- Ajrabbitz, are you trying to insult my proficiency in wiki code? >=( Well.... actually, I suppose this is one of the few times that you'd be right. --LiquidTalk 02:51, April 15, 2011 (UTC)
Oppose - Since there is no extra requirement per se we should be able to trust that admins can follow directions. If we say that it should not be edited by anyone that doesn't fully understand how it works and how to code it then that should be enough. If we can't trust someone to do that, then they shouldn't be an admin. Another small thing, is a usergroup for 2 or 3 people really necessary?13:18, April 15, 2011 (UTC)
What Sentra said - I personally only did AR requests with mediawiki things (ie something I don't understand) from people I trusted who knew the code (ex-Ryan). If it's just from someone random we will probably lay off it, so I don't see it as a big deal. HaloTalk 18:32, April 18, 2011 (UTC)
Strong support - It's not like it's much harder to be able to modify abusefilters for current admins. If you have any use for editing them you will also pass a request. It's just that I agree admins who don't know how it works should not be able to touch it. I don't see what the problem is with this change, other than that admins will lose their preshus abusefilter modify right. JOEYTJE50TALK pull my finger 19:00, April 18, 2011 (UTC)
Withdrawn - After thinking about it for a while, I believe that it is best for all admins to have access to it. Especially in situations where access to it could stop vandalism, it isn't that hard to learn, and I think that there is a net positive from allowing admins unrestricted access to it. I won't close this, however - if people still want to discuss, go ahead, but keep in mind that I now oppose this. ajr 00:32, April 22, 2011 (UTC)
- Then I think the admin who does requests by other users should be sure what he's doing, or should be sure the user requesting it knows what he's doing. Even though this is quite obvious, I just wanted to say this. JOEYTJE50TALK pull my finger 15:50, April 22, 2011 (UTC)
Comment - If we're not going to restrict access here, I would like to ask for a small change in how we edit the filters. While the first part of the notes section should remain a description of the filter, I would like to see each editing admin add a short summary of their changes each time they edit a filter, as seen here. It would help everyone understand what the other person is doing, and therefore help fix possible errors more effectively. Without edit summaries it can be very hard to tell exactly why people are making certain changes. --Aburnett (Talk) 01:56, April 25, 2011 (UTC)
- Good idea, especially considering how hard it is to find the logs, and trying to read them (not being sarcastic). This would make it easier to tell why some changes have been made, as well. ajr 14:59, April 25, 2011 (UTC)
Closed - There is no consensus to limit the abusefilter user right, but I would advise each administrator to exercise caution when modifying their definitions, and to leave summaries like Bernie kindly suggested above when doing so. --LiquidTalk 20:36, May 1, 2011 (UTC)