Last modified: 2005-07-14 05:10:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 1807 - Username changes
Username changes
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
http://meta.wikimedia.org/wiki/Changi...
:
Depends on: 2523
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-03 05:33 UTC by Brian Jason Drake
Modified: 2005-07-14 05:10 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Brian Jason Drake 2005-04-03 05:33:30 UTC
Username changes are currently done by developers, with 
requests collected on Wikipedia:Changing username.

Since anyone can create an account, without usernames 
being approved in advance, anyone should be able to change 
their username themselves.
Comment 1 Brion Vibber 2005-04-04 22:37:20 UTC
Agreed, there's no need for further work since it's trivial to create a new username. Closing as WORKSFORME.
Comment 2 Brian Jason Drake 2005-04-06 05:29:14 UTC
I thought this was obvious, but apparently not:

It is trivial to create a new username but it is not trivial to transfer the history, that's 
why we had Wikipedia:Changing username in the first place.
Comment 3 Brion Vibber 2005-04-06 05:35:38 UTC
It is non-trivial to change the attributions in the history; it may require modifying 
hundreds of thousands of stored page revision records for a very actively used 
account, so it's not something that's likely to be run automatically in response to a 
user-initiated command.

Additionally, interaction with user blocking and other issues need to be considered. 
Frequently changing names could be easily abused to make it difficult to nail down 
an attacking vandal.
Comment 4 Brian Jason Drake 2005-04-07 02:00:40 UTC
(In reply to comment #3)
> It is non-trivial to change the attributions in the history; it 
may require modifying 
> hundreds of thousands of stored page revision records for a very 
actively used 
> account, so it's not something that's likely to be run 
automatically in response to a 
> user-initiated command.
> Additionally, interaction with user blocking and other issues need 
to be considered. 
> Frequently changing names could be easily abused to make it 
difficult to nail down 
> an attacking vandal.

I assumed that the page histories only recorded user IDs to save 
space and prevent duplication. Otherwise what's the point of the IDs?

Frequently changing names should be easier to track than frequently 
creating new accounts.
Comment 5 Richard J. Holton 2005-04-07 02:47:54 UTC
I think the larger problem lies in the area of signatures, which are based on
usernames (not id's). As user Rholton, that is my public id (User:Rholton) and
my signature ([[User:Rholton]]). This appears on all my talk page posts, votes
for various issues, etc.

The "wiki-way" (or at least the "Wikipedia-way") requires a (currently informal)
web of trust that is based on user identities determined by signature (which are
verifiable by edit-history).
Comment 6 Brian Jason Drake 2005-04-07 02:57:04 UTC
(In reply to comment #5)
> I think the larger problem lies in the area of signatures, which 
are based on
> usernames (not id's). As user Rholton, that is my public id 
(User:Rholton) and
> my signature ([[User:Rholton]]). This appears on all my talk page 
posts, votes
> for various issues, etc.
> The "wiki-way" (or at least the "Wikipedia-way") requires a 
(currently informal)
> web of trust that is based on user identities determined by 
signature (which are
> verifiable by edit-history).

As I understand it, we had this problem when Wikipedia:Changing 
username was being used, so we have nothing to lose by adding the 
feature I requested.

This is unless people change their usernames excessively, which we 
trust them not to.
Comment 7 Catherine Munro 2005-04-23 15:48:12 UTC
I agree that we should be able to trust users to do this, the same as creating
new accounts -- advise them that it's hard on the database and not to use it
lightly, remind them that they can change their sig without changing their name,
and punish them if they abuse it.  (If it really requires judgment calls, could
it be assigned to admins or bureaucrats or stewards instead?)

Many people want to change name because they choose a username before learning
the norms of the community, and then choose to change within a few weeks of
signing up; would these short requests cause fewer challenges?   If the
difficulty is based on the number of records to be changed, perhaps a cutoff
could be assigned.   "Simple" requests, less than N records, could go through
immediately, while more database-intensive requests could be assigned to a
queue, to be:

1) run at "off-peak" hours (if we have such a thing)
2) run on an offline server (if that's possible),
3) run during downtime required for other reasons (which still might take
months, but at least would get done eventually) or 
4) to languish as they currently do waiting for developer attention (but at
least the simple requests wouldn't clutter the list).

If it's only going to become more and more expensive to change names as our
histories become longer and deeper and more compacted, then perhaps we should
change policy to disallow it, or limit it to accounts of a certain age?
Comment 8 Brian Jason Drake 2005-04-24 08:44:23 UTC
(In reply to comment #7)
> I agree that we should be able to trust users to do this, the same 
as creating
> new accounts -- advise them that it's hard on the database and not 
to use it
> lightly, remind them that they can change their sig without 
changing their name,
> and punish them if they abuse it.  (If it really requires judgment 
calls, could
> it be assigned to admins or bureaucrats or stewards instead?)
> Many people want to change name because they choose a username 
before learning
> the norms of the community, and then choose to change within a few 
weeks of
> signing up; would these short requests cause fewer challenges?   
If the
> difficulty is based on the number of records to be changed, 
perhaps a cutoff
> could be assigned.   "Simple" requests, less than N records, could 
go through
> immediately, while more database-intensive requests could be 
assigned to a
> queue, to be:
> 1) run at "off-peak" hours (if we have such a thing)
> 2) run on an offline server (if that's possible),
> 3) run during downtime required for other reasons (which still 
might take
> months, but at least would get done eventually) or 
> 4) to languish as they currently do waiting for developer 
attention (but at
> least the simple requests wouldn't clutter the list).
> If it's only going to become more and more expensive to change 
names as our
> histories become longer and deeper and more compacted, then 
perhaps we should
> change policy to disallow it, or limit it to accounts of a certain 
age?

This (and all of the comments above) doesn't seem to answer my 
question: Why don't histories just record the user IDs, so that we 
can just store the username in one place and not worry about 
changing the histories?
Comment 9 JeLuF 2005-05-24 07:01:35 UTC
(In reply to comment #8)
> 
> This (and all of the comments above) doesn't seem to answer my 
> question: Why don't histories just record the user IDs, so that we 
> can just store the username in one place and not worry about 
> changing the histories?

Basically, because of IPs and convenience. IPs are logged in the revision, with
user id 0.
To make queries easier, the username is also stored in revisions, together with
the numerical user id. To get all revisions and their authors you just have to
make one query using this design, no special treatment needed for anonymous users.

Yes, other solutions would be possible.
Comment 10 Ævar Arnfjörð Bjarmason 2005-06-26 10:17:10 UTC
See also bug 2523, a Special Page to rename users.
Comment 11 Brian Jason Drake 2005-06-27 05:23:33 UTC
(In reply to comment #10)
> See also bug 2523, a Special Page to rename users.

It appears that if that bug has been fixed, so has this one.
Comment 12 Zigger 2005-06-27 12:34:24 UTC
(In reply to comment #11)
> (In reply to comment #10)
> > See also bug 2523, a Special Page to rename users.
> It appears that if that bug has been fixed, so has this one.

Re-opening this request until the new extension is available on the wikimedia sites.
Comment 13 River Tarnell 2005-06-27 12:38:44 UTC
WONTFIX, because the ability to rename any user via the web interface is too much of  
a potential security problem. (think XSS issues). 
Comment 14 Brian Jason Drake 2005-06-28 03:03:55 UTC
(In reply to comment #13)
> WONTFIX, because the ability to rename any user via the web interface is too much of  
> a potential security problem. (think XSS issues). 

It's no more of a security problem than creating a new user.
Comment 15 Antoine "hashar" Musso (WMF) 2005-07-08 10:47:04 UTC
Extensions installed on wikimedia servers.
Contact your bureaucrats to rename users.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links