[Cz-tech] Bots and privileges

Daniel Mietchen daniel.mietchen at googlemail.com
Sat Jan 16 17:32:13 CST 2010 

Thanks to Dan for starting this thread.

I had a look at
http://en.wikipedia.org/wiki/Wikipedia:Rollback_feature and think it
comes close to what we need, but it is not an exact hit. For instance,
it does not cover situations which involve the creation of a page. I
am looking around for alternatives - there is a revertbot.py script,
for instance, but I have not had a closer look at it yet.

In any case, I think it is best to postpone decisions about automated
editing with sysop rights until we have a bot manager. At the moment,
I am just investigating the technical aspects behind this.

On Mon, Jan 11, 2010 at 6:46 PM, dan nessett <dnessett at yahoo.com> wrote:
> I am moving what started out as a private conversation about bots and the privileges they require to the cz-tech mailing list. Daniel Mietchen has expressed an interest in running some bots on the CZ test wiki to demonstrate they are sufficiently tested to run on the live wiki. There is a concern that a buggy bot might corrupt a lot of pages on the wiki, requiring a great deal of manual work to restore them to their original state. Consequently, the policy discussions so far have placed a requirement on bots that there is an automated way to roll-back their changes.
>
> I asked a contact I have, Happy-melon (obviously a pseudonym), who has experience with wiki management and development to comment on this issue. His response is below. He mentions the existence of a 'rollback' permission that might suit the requirements we have for bot activity. In order to make progress on this issue, I suggest the following.
>
> Since Daniel is the one who wishes to pursue bot activity, it is really his responsibility to do the research necessary to understand how the 'rollback' permission works and explain it to the rest of us. He also should formulate a testing plan for his bots that convinces others that they have sufficient rollback capability so their actions can be neutralized.
>
> Dan
>
> --- On Mon, 1/11/10, Happy-melon <happy-melon at live.com> wrote:
>
>> From: Happy-melon <happy-melon at live.com>
>> Subject: Re: A question about bots
>> To: "dan nessett" <dnessett at yahoo.com>
>> Date: Monday, January 11, 2010, 3:20 AM
>> There's nothing a bot can do to
>> "irreversibly corrupt the database", any more than a normal
>> user.  The only abilities bots have is the capacity to
>> make a very large number of edits very rapidly; the
>> permissions given to the 'bot' group just hides this flood
>> from RecentChanges and newmessages, and excludes them from
>> various rate limiters and throttles.  The only
>> acknowledged dangers from a rogue *sysop* account are using
>> the 'editinterface'/'edituserjs' rights to run compromising
>> JavaScript on readers' browsers, and using
>> 'delete'/'move'/'undelete' to merge the page histories of
>> important articles.  The latter is not irreversible,
>> it's just incredibly time-consuming to unpick.
>>
>> I assume you're familiar with the mapping between actions
>> --> permissions --> groups --> users that comprises
>> the MediaWiki rights structure.  I don't see why the
>> bot would need any permissions other than 'rollback', which
>> can be assigned separately from the sysop group as is done
>> on enwiki.  You can assign the 'rollback' permission
>> (which allows holders to rollback) to a 'rollbacker' group
>> ($wgGroupPermissions['rollbacker']['rollback'] = true;) and
>> then assign that group to the bot account.  The bot
>> *owner* may indeed require 'move'/'delete' permissions to
>> properly test the bot.  From above, the only genuinely
>> 'dangerous' permissions are 'editinterface', 'edituserjs'
>> and 'undelete'; if you don't trust the user not to go on a
>> spree, *and* you have pages on the wiki that are worth
>> protecting (which I would doubt if it's a test wiki, unless
>> it's using the same database as the main site), you may wish
>> to create a 'sysop-lite' without these permissions.
>>
>> Hope this helps,
>>
>> --HM
>>
>> --------------------------------------------------
>> From: "dan nessett" <dnessett at yahoo.com>
>> Sent: Monday, January 11, 2010 1:54 AM
>> To: "Happy-melon" <happy-melon at live.com>
>> Subject: A question about bots
>>
>> > -HM-
>> >
>> > We now have a test wiki up and running on CZ
>> (test.citizendium.org). One of our users has requested sysop
>> privileges on it so he can develop bots that have a
>> roll-back capability. This requires the bots to have page
>> move and delete privileges.
>> >
>> > What is your experience with bots having sysop
>> privileges? Is this normal? If so, what sort of measures are
>> normally put in place to protect the wiki from bots
>> irreversibly corrupting the wiki page db?
>> >
>> > Dan
>> >
>> >
>> >
>> >
>>
>>
>>
>>
>
>
>
> _______________________________________________
> Cz-tech mailing list
> Cz-tech at mail.citizendium.org
> http://mail.citizendium.org/mailman/listinfo/cz-tech
>



-- 
http://www.google.com/profiles/daniel.mietchen

More information about the Cz-tech mailing list