Enabling Extension:ConfirmAccount

Tue Jul 3 21:32:11 UTC 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/03/2012 11:22 AM, Dave Neary wrote:
> Hi all,
> 
> I just tried to create an account for the oVirt wiki and was kind
> of surprised that to do so I had to contact someone who already had
> an account. It seems like everyone who has an account can add new
> users, so it looks like this is basically a spam avoidance policy.
> Is that right?

Yes, I implemented it initially so we wouldn't have a wide open
gateway when there wasn't a community of wiki watchers.

Conversations on this list have been around other automagic that
doesn't work because spammers work around it.

> If that's the case, I'd like to suggest enabling the
> ConfirmAccount extension
> http://www.mediawiki.org/wiki/Extension:ConfirmAccount - which can
> be configured to ask users for a username & email address, and
> their bio/reasons for wanting to have an account. The request is
> then added to a moderation queue, and anyone who is in the
> Bureaucrat role can approve the account creation request.
> 
> To the user, this fits within the expected intimacy gradient. I
> plan on blogging about the intimacy gradient which I talked about
> in my Ignite talk at teh Red Hat Summit last week, I'll point
> people there then - the basic idea is that you should not require
> people to have private communications to get access to a
> semi-public resource like a wiki account. In this case, you're
> making the request via a web page, and although the end result is
> the same (a human checks if you're a human), to the user it
> provides the same level of indirection as a Mailman subscription
> page.

Overall, seems like a reasonable solution. It doesn't resolve the need
for manual intervention, but it puts it in to a system that prevents
people from falling between the cracks and makes things easy for all
involved.

A problem I have with the current "ask someone to make you an account"
system is that it caters to the type of people who "just do it" - are
confident and comfortable asking around for help, for permission, etc.
I presume that is only 50% or less of the entire human population, so
by default the current system is unfriendly to more than half the
people who come across it.

I'm not sure the current system fits in with your description, though
- - there is a moment where it could be public or private. Under the
current system, the best place to ask for a wiki account is IRC or the
arch@ mailing list, since you'll get a fast response and it's quite
public. But being able to go private at least means some portion of
the 50%+ of the population that is less comfortable with asking around
for permission ... well, they might not find it so uncomfortable to
privately ask a perceived leader for a wiki key.

I presume the ConfirmAccount has a public queue that only Bureaucrat's
can resolve?

That makes it public, but now we have a greater restriction on who can
confirm accounts. Right now, anyone with an account can confirm, but
under ConfirmAccount we'll have to designate and cultivate
Bureaucrats, yes?

- - Karsten
- -- 
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
http://community.redhat.com .^\ http://TheOpenSourceWay.org
@quaid (identi.ca/twitter/IRC) \v. gpg: AD0E0C41

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFP82Tb2ZIOBq0ODEERAsoBAJ41ZFmdA6L434yiAnwPPRDycp0jwwCfUE6y
WcaCCp2a6YyK4o6XGU46Vew=
=pGmu
-----END PGP SIGNATURE-----