Wikiversity talk:Interface administrators

Implementation
Interface administrator rights were initially discussed at. I'll repeat my summary comment from that discussion:


 * Based on the most recent description, and the (lack of) frequency of editing the user interface, this doesn't seem to be something that anyone needs on a regular basis. In a typical computing environment, users would have different accounts for different roles, only logging in as an administrator when necessary. In this environment, we have one account, but can adjust the roles when needed.

My preference is for no one to have the role on a permanent basis. I'd rather see us take one of two approaches:
 * 1) Interface administrator can be added on request for a short period of time (1 day or perhaps 1 week) to allow the changes to be made, and then the right expires again. It is up to the bureaucrat considering the request as to whether or not the user making the request is qualified to make the change.
 * 2) We can have a formal approval process for who is allowed to make user interface changes. Bureaucrats would only be able to authorize one of these users for a period of time (1 week - longer shouldn't be necessary).

There are two reasons for my hesitation to add the role permanently. 1) The role was created because this is a security risk. Accounts become compromised. The fewer rights someone has, the less risk is involved. 2) Requiring request and approval ensures that anyone wanting to make a user interface change runs their idea past a bureaucrat for review.

There have been three instances I can recall of users requesting user interface changes since the new role took effect 14 months ago. In two of the requests, the user was granted rights to make the changes. In the third request, I granted myself rights to make the change on behalf of the user. This has worked well with minimum delay and, from my perspective, proper oversight and control. I would advocate for the first option, with bureaucrats adding the role on request and a 24-hour expiration, which may be extended as needed for further testing.

Dave Braunschweig (discuss • contribs) 14:47, 20 October 2019 (UTC)


 * Thanks for the link; I missed that thread. Above sounds good. Given how infrequent the need is we should have a simple process. --mikeu talk 17:32, 20 October 2019 (UTC)
 * As per discussion on Request_custodian_action I am just adding a couple of points. As indicated by the recent request, to receive Interface Admin rights according to the WM:Meta Policy the user needs to have set up Two-factor authentication. This is because of the high security risk for this user right. On Wikispecies we have a semi permanent Interface Administrator as per Wikispecies Local Policy The user has the rights for maximum of 12 months at a time and is a highly trusted member of the Wikimedia Foundation. However, I do not think this is necessary and granting this right temporaily for a period of 24 hours to a maximum of 2 weeks is reasonable but should still be restricted to trusted users, they will usually have at least some administrative role already, demonstrate knowledge of CSS / Java whatever they are intending to do. They must also have the necessary security login as mentioned above. Cheers Scott Thomson  ( Faendalimas ) talk 15:33, 24 October 2019 (UTC)

Musing from DannyS712
The outstanding phab request is now resolved (see T238967) and this discussion is closed as having support from the community. --mikeu talk 00:54, 26 November 2019 (UTC)

Hi. I thought I should share my own views, given the discussion at Request custodian action. I tried to be conservative in my proposal.

Thoughts? Thanks, --DannyS712 (discuss • contribs) 22:15, 13 November 2019 (UTC)
 * 1) Bureaucrats have the technical ability to grant interface adminship to all users. It can be granted either temporarily or permanently.
 * 2) For now, Wikiversity does not have a need for permanent or long term interface administrators. Accordingly, interface administratorship may only be granted temporarily by bureaucrats (not to exceed 2 weeks without discussion)
 * 3) To provide a second set of eyes, bureaucrats may not grant themselves interface adminship - it must be granted by a different bureaucrat
 * 4) Exception: If no other bureaucrats are available within a reasonable amount of time, and other uninvolved support staff agree that the request is reasonable, a bureaucrat may grant themselves the rights
 * 5) Interface adminship should not be granted to non-support staff (non-custodian, non-curator) without prior discussion
 * 6) Bureaucrats have the technical ability to revoke interface adminship from all users.
 * 7) Since interface adminship should only be granted temporarily, this shouldn't be needed much
 * 8) A bureaucrat may, without prior discussion, revoke interface adminship if it is being used to edit against the community's wishes, or otherwise being used improperly. The bureaucrat must then open a discussion.
 * 9) A bureaucrat may, after prior discussion, revoke interface adminship if there is consensus among support staff that it should be revoked.
 * 10) A bureaucrat may, at the request of any interface administrator, revoke their interface adminship
 * 11) Proposal: Any interface administrator should be able to revoke their own interface adminship, in case they have finished the task faster than expected.
 * 12) Interface administrators have the following technical abilities
 * , and  - the ability to modify the css/js of other users. This may be used
 * 1) To perform uncontroversial maintenance
 * 2) To edit user scripts that are used by others, if the owner is inactive and unresponsive
 * , and  - the ability to modify the css/js/json of the site. This may be used
 * 1) To perform uncontroversial maintenance
 * 2) To edit sitewide gadgets, following consensus (or, in lower-stakes cases, no objections) regarding the edits
 * ,, and   - the ability to edit user json, site json, pages in the mediawiki namespace. These rights are granted to all custodians, and non-custodian interface administrators should follow the same guidance as custodians
 * 1)   - the ability to enable two factor authentication. All interface administrators are required to activate 2fa.
 * 2) Additional proposals
 * 3) Requests for interface adminship, and discussions regarding revoking such rights, should be made publicly in well-watched areas, such as at Notices for custodians or Request custodian action
 * Thanks . I like your layout here, also agree with and support your proposal that Interface Admins can revoke their own rights when done. This particular set of tools is a bit of a double edge. Its one that in all honesty only people who actually need it would likely ask for, hence it should not come up often and will almost always be by trusted users, however, the double edge is it is one that ca do a lot of harm because of the ability to edit javascript etc. As such it should only be a temporary one and as you say they must have the 2fa activated. Cheers Scott Thomson  ( Faendalimas ) talk 01:30, 14 November 2019 (UTC)
 * I agree. This is good work. Thanks! -- Dave Braunschweig (discuss • contribs) 15:00, 14 November 2019 (UTC)
 * In a few days, if no one objects, I'll file a phabricator task for interface admins to be able to remove their own interface admin rights. --DannyS712 (discuss • contribs) 17:15, 14 November 2019 (UTC)
 * I've added a site notice. Please give it seven days, just so we're consistent. Thanks! -- Dave Braunschweig (discuss • contribs) 17:38, 14 November 2019 (UTC)
 * I've added a note about where discussions should be held --DannyS712 (discuss • contribs) 18:50, 14 November 2019 (UTC)
 * I think it looks fine. Thanks for writing this up. I'd say that if we adopt this on the attached page we should also include the explanatory info from meta. --mikeu talk 04:23, 20 November 2019 (UTC)
 * If there is consensus to adopt it I can write it up as actual prose, and include explanatory info and related. Just ping me once its decided --DannyS712 (discuss • contribs) 05:12, 20 November 2019 (UTC)
 * agree with this, I think it will be helpful that certain terms such as 2fa, are linked to their meta pages apart from the explanatory notes and other links to policies etc. Cheers Scott Thomson  ( Faendalimas ) talk 06:46, 20 November 2019 (UTC)
 * Support for this looks fine. Maybe use cases can be extended to cross language support. Sometimes I appreciate some element in the english wikiversity that I miss in the german wikiversity. For Wiki2Reveal I decided for piloting and proof of concept to create a GitHub-Repository to have that available language indepentently in the German and English Wikiversity and just fetch the wiki sources and convert on the client side for this proof of concept. --Bert Niehaus (discuss • contribs) 04:56, 21 November 2019 (UTC)

Okay, its been a week; I've created a new policy page. Can someone else please verify that this follows the consensus here and tag it as a policy? Thanks, --DannyS712 (discuss • contribs) 00:48, 22 November 2019 (UTC)
 * Update


 * I added a couple of links for JS and CSS for those unfamiliar with the terms. (Feel free to point to a better description, if you know of one.) Is there a phab request id or were you waiting for closure to open that? In any case, I've added undefined as there is a clear consensus. --mikeu talk 00:18, 23 November 2019 (UTC)
 * Phab task for what? --DannyS712 (discuss • contribs) 00:34, 23 November 2019 (UTC)
 * "In a few days, if no one objects, I'll file a phabricator task for interface admins to be able to remove their own interface admin rights." Just inquiring if you've added that task. --mikeu talk 00:36, 23 November 2019 (UTC)
 * T238967 and 552615 --DannyS712 (discuss • contribs) 00:53, 23 November 2019 (UTC)
 * Thanks, I highly support this request. --mikeu talk 02:05, 23 November 2019 (UTC)

Restriction on self-granting
Pinging users who participated above:

The policy specifies that bureaucrats should not grant themselves these rights (unless no one else is around). This be enforced at the technical level, and, if no one else is around to grant it, requests be filed with stewards. This helps to ensure that a compromised bureaucrat account doesn't cause as much damage.

If there is support for such a technical requirement, I have already written the code, and we just need to convince the developers that it would be useful; see T44072.

Thoughts? --DannyS712 (discuss • contribs) 06:51, 15 December 2019 (UTC)
 * yes this makes sense, crats are also accountable and there is the safety aspect for compromised account. Getting another crat or a steward to do it is not difficult. Cheers Scott Thomson  ( Faendalimas ) talk 12:12, 15 December 2019 (UTC)
 * Seems like locking a screen door. It keeps honest people honest, but probably doesn't do anything in terms of improving security. A compromised account could be used to promote a secondary account very quickly. Then you have to add policies for how old is the account that is being promoted, etc. I think there's more to this than just self-granting. If WMF wants to implement this Wikimedia-wide, that's fine. But I don't see it being necessary just for Wikiversity. -- Dave Braunschweig (discuss • contribs) 19:27, 15 December 2019 (UTC)