Short description
That a edit was marked as "Trivial" is potentially interesting information that should be included in the "Revision History" table. For example, if you wanted to diff between the last non-Trivial edit of the page, having that flagged would help.
I think this is a very reasonable feature request. Currently checking the "trivial change" option prevents only sending mails to users that have subscribed only to non-trivial changes. If you are not a subscriber, but a RecentChangesJunkie, the "trivial change" option is without any use for you. So, is there any chance to have this implemented in the next major release (Moin 1.6? Moin 2?)? Thanks, -- MartinBayer 2007-04-11 17:39:37
This stuff is dangerous for soft security. -- ThomasWaldmann 2007-04-11 22:09:10
You mean because "bad" changes (spam, copyright infringement, and so on) could be camouflaged using the "trivial change" option? If so, it would be more consequential to remove the option completely, wouldn't it? I think, if s.o. is responsible for a wiki, she would check also the changes marked as "trivial"—except those done by trustworthy users. However, we could make the "trivial change" option unavailable for all users not logged in (i.e. for anonymous edits). That way, we could increase both, "soft security", and usability: anonymous users can't switch off email notifications any longer, and RecentChangesJunkies don't have to check trivial changes of trusted, well known users. -- MartinBayer 2007-04-11 22:28:30
That is a new point of view but the only group I would trust is the MoinPagesEditorGroup by default, so this will need another config var too -- ReimarBauer 2007-04-12 07:07:16
Maybe I put it mistakable: I wasn't thinking of a new list or option (even if this might fit to your needs), but only of people you personally know. IOW, trivial changes would be marked in some way on RecentChanges, but treated like normal changes in all other respects. Those who check RecentChanges can than decide what to do with such an edit, in particular they can liberally decide whether to check it or not. In case you know the person who did the "trivial" change and trust her (be it because she is the admin of the wiki), you may decide not to check the change. If you don't know the user, or don't trust her, or the change was done by an anonymous user (IP), you probably will check it, even if it was marked as "trivial". That's why I suggested not to offer the "trivial change" option to anonymous users—you will check these changes anyway. But that would be more or less a gimmick. However, I can't see any security impact of such a flag, because it's all up to the one who checks RecentChanges. -- MartinBayer 2007-04-14 16:16:29
So we need only to exchange the normal update icon by a trivial update icon and give the right to use the trivial button only to known users? -- ReimarBauer 2007-04-14 21:33:07
IMHO, yes. -- MartinBayer 2007-04-15 12:00:16
I agree with MartinBayer and don't understand how merely flagging changes that were made with the Trivial change checkbox selected in the revision history (and RecentChanges RSS feed) would be dangerous. If anything, something marked as trivial by an IP address or new user would probably look even more suspicious. Suppressing them completely from the RecentChanges RSS feed could let the vandal hide more easily maybe, but even if you did that I imagine you'd offer a feature analogous to "subscribe to trivial changes" as you do now for email notifications. -- DavidCramer 2007-04-14 19:38:29
FWIW, on the ESW Wiki a recent spam hit used "trivial change" and successfully delayed me from repairing the pages because I monitor them via RSS. I'd be ok with removing the feature, but would also support adding an additional RSS feed to monitor *all* changes. -- MarkBaker 2007-04-16 15:52:27
Engine |
Minor changes feature |
Flag on RecentChanges |
Flag on revision history |
Sends email |
Available to anonymous users |
|
|
|
option |
|
|
DokuWiki |
|
|
|
|
|
MediaWiki |
|
|
|
n/a |
|
PhpWiki |
|
|
|
n/a |
|
PmWiki |
|
|
|
|
|
TikiWiki |
|
|
|
|
|
Soft security
I proposed this to be implemented into the 1.7 branch and was told
That would weaken soft security. To be a known user, a spammer script just needs to create an account and use it. And as all changes would be flagged as trivial, less people would care...
So, one would think the problem is that scripts can create an account in the first place. But let's put together what we have and what this feature request is for.
MoinMoin 1.5.8 (implemented):
- "trivial change" checkbox
- prevents change notification mail to be sent
- this can be overridden by setting an option
- can by used by anybody
- even by anonymous users
- prevents change notification mail to be sent
This RfE:
- "trivial change" checkbox
- prevents change notification mail to be sent
- this can be overridden by setting an option
flags changes accordingly on RecentChanges
- can by used only by users logged in
- prevents change notification mail to be sent
+: No "trivial changes" by anonymous users any more.
-: "Evil" changes ignored by other users that check RecentChanges
Use case 1: On the wiki M. the guru T.W. fixes some typo. He marks his change as "trivial". Status quo: Most users reading RecentChanges will check the change, although they don't need to. Proposed: They see that it is a "trivial change" and is made by someone known personally, so they won't bother.
Use case 2: On the wiki W. the user U. makes some changes to a pages. He afterwards notices some typo, and changes the same page again, marking the change as "trivial". Later, the other user O. checks the revision history ("info") about changes made on that page. Status quo: Most annoyingly, O. has to check the trivial changes, too. Proposed: As "trivial changes" are flagged not only on RecentChanges, but on "info", too, O. will include the "trivial" changes when comparing revisions (e.g. if revision 4 is flagged as "trivial", O. will compare revision 5 against 3, instead first revision 5 against 4, and than 4 against 3).
Use case 3: On the wiki X. an anonymous user with the IP 192.168.178.20 makes a change. He marks his change as "trivial". Status quo: Most users reading RecentChanges will check the change, but those who rely on the notification emails probably won't ever know about it. Proposed: Anonymous users can't flag changes as "trivial" any more, notification emails will be sent.
Use case 4: On the wiki Y. an evil spammer S. puts in the usual trash. He had provided himself with an account, is logged in, and marks his change as "trivial". Status quo: Most users reading RecentChanges will check the change, but those who rely on the notification emails probably won't ever know about it. Proposed: Same as "status quo", but the change is flagged as "trivial" on RecentChanges. Users not knowing S. (personally) will check his changes nonetheless (even if they don't, I would check if I were the admin of that wiki).
To conclude: "soft security" would weaken only if we assume our users will trust anybody logged in blindly. But I think they don't—wikis are communities after all. I believe users will continue to check even changes marked as "trivial", in particular on pages they care about most, except those changes done by well-known, trustworthy users. (After all, spam is not the only form of vandalism.) However, even if they don't, this could be "compensated" by the notification emails (use case 3)—we might have less attention from RecentChangesJunkies, but more attention by uses subscribed to all wiki pages. This will come in handy once the problem with scripts able to create accounts is solved.
So, I think the answer to the question "does this weaken 'soft security'?" is the same as to the question "what do we think how brainless our users really are?".