[Cz-tech] Rollback

[Chris Key]

In case this is still useful to know, the Rollback permission is really
very minor and I would have no hesitation in granting it to anyone (or any bot) who wanted it.
I actually have rollback permission on WP (username: Jibbles) despite the fact 
that I've done relatively few edits on their scale. They basically give it to anyone who
wants it and has any valid reason for having it.

Basically it is a quick way of using the Undo feature which is already available to 
every user anyway. Basically it reverts the last change made to a page at the click of
a single button, with no confirmation page, warning or preview. It doesn't hide from any
logs, and still shows in the recent changes with an automatically generated edit summary.
If the last user to edit the page made multiple consequtive edits, they are all reverted.
But basically they can't do anything that a normal user can't do, they can just do it quicker.


==Original Message Below==


Thanks to Dan for starting this thread.

I had a look at
http://en.wikipedia.org/wiki/Wikipedia:Rollback_feature and think it
comes close to what we need, but it is not an exact hit. For instance,
it does not cover situations which involve the creation of a page. I
am looking around for alternatives - there is a revertbot.py script,
for instance, but I have not had a closer look at it yet.

In any case, I think it is best to postpone decisions about automated
editing with sysop rights until we have a bot manager. At the moment,
I am just investigating the technical aspects behind this.

On Mon, Jan 11, 2010 at 6:46 PM, dan nessett <dnessett at yahoo.com> wrote:
> I am moving what started out as a private conversation about bots and the 
privileges they require to the cz-tech mailing list. Daniel Mietchen has 
expressed an interest in running some bots on the CZ test wiki to demonstrate 
they are sufficiently tested to run on the live wiki. There is a concern that 
a buggy bot might corrupt a lot of pages on the wiki, requiring a great deal 
of manual work to restore them to their original state. Consequently, the policy
 discussions so far have placed a requirement on bots that there is an 
automated way to roll-back their changes.
>
> I asked a contact I have, Happy-melon (obviously a pseudonym), who has experience with 
wiki management and development to comment on this issue. His response is below. He 
mentions the existence of a 'rollback' permission that might suit the requirements we 
have for bot activity. In order to make progress on this issue, I suggest the following.
>
> Since Daniel is the one who wishes to pursue bot activity, it is really his responsibility 
to do the research necessary to understand how the 'rollback' permission works and explain 
it to the rest of us. He also should formulate a testing plan for his bots that convinces
 others that they have sufficient rollback capability so their actions can be neutralized.
>
> Dan
>
> --- On Mon, 1/11/10, Happy-melon <happy-melon at live.com> wrote:
>
>> From: Happy-melon <happy-melon at live.com>
>> Subject: Re: A question about bots
>> To: "dan nessett" <dnessett at yahoo.com>
>> Date: Monday, January 11, 2010, 3:20 AM
>> There's nothing a bot can do to
>> "irreversibly corrupt the database", any more than a normal
>> user.  The only abilities bots have is the capacity to
>> make a very large number of edits very rapidly; the
>> permissions given to the 'bot' group just hides this flood
>> from RecentChanges and newmessages, and excludes them from
>> various rate limiters and throttles.  The only
>> acknowledged dangers from a rogue *sysop* account are using
>> the 'editinterface'/'edituserjs' rights to run compromising
>> JavaScript on readers' browsers, and using
>> 'delete'/'move'/'undelete' to merge the page histories of
>> important articles.  The latter is not irreversible,
>> it's just incredibly time-consuming to unpick.
>>
>> I assume you're familiar with the mapping between actions
>> --> permissions --> groups --> users that comprises
>> the MediaWiki rights structure.  I don't see why the
>> bot would need any permissions other than 'rollback', which
>> can be assigned separately from the sysop group as is done
>> on enwiki.  You can assign the 'rollback' permission
>> (which allows holders to rollback) to a 'rollbacker' group
>> ($wgGroupPermissions['rollbacker']['rollback'] = true;) and
>> then assign that group to the bot account.  The bot
>> *owner* may indeed require 'move'/'delete' permissions to
>> properly test the bot.  From above, the only genuinely
>> 'dangerous' permissions are 'editinterface', 'edituserjs'
>> and 'undelete'; if you don't trust the user not to go on a
>> spree, *and* you have pages on the wiki that are worth
>> protecting (which I would doubt if it's a test wiki, unless
>> it's using the same database as the main site), you may wish
>> to create a 'sysop-lite' without these permissions.
>>
>> Hope this helps,
>>
>> --HM
>>
>> --------------------------------------------------
>> From: "dan nessett" <dnessett at yahoo.com>
>> Sent: Monday, January 11, 2010 1:54 AM
>> To: "Happy-melon" <happy-melon at live.com>
>> Subject: A question about bots
>>
>> > -HM-
>> >
>> > We now have a test wiki up and running on CZ
>> (test.citizendium.org). One of our users has requested sysop
>> privileges on it so he can develop bots that have a
>> roll-back capability. This requires the bots to have page
>> move and delete privileges.
>> >
>> > What is your experience with bots having sysop
>> privileges? Is this normal? If so, what sort of measures are
>> normally put in place to protect the wiki from bots
>> irreversibly corrupting the wiki page db?
>> >
>> > Dan
>> >
>> >
>> >
>> >
>>
>>
>>
>>
>
>
>
> _______________________________________________
> Cz-tech mailing list
> Cz-tech at mail.citizendium.org
> http://mail.citizendium.org/mailman/listinfo/cz-tech
>



-- 
http://www.google.com/profiles/daniel.mietchen



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.citizendium.org/pipermail/cz-tech/attachments/20100419/40b58162/attachment.html