Last modified: 2011-03-13 18:05:24 UTC
Admins should never fight, and if they do fight, they certainly should never get into blocking wars. Standard practice says that admin should, like anyone else, petition another admin to be unblocked if they believe they were blocked unfairly. I would request that this be enforced at the technical level by removing the option for an admin who is blocked to unblock himself. It may also be worth considering whether or not all of the sysop tools should be disabled when an admin is blocked.
A couple major problems: * If a rogue admin blocks all other admins, no one else can recover without external assistance. * If a range or IP block accidentally hits an admin, the admin cannot recover. On a small wiki with a single admin this may be unrecoverable without interference in the database. If there is a need to block a sysop, it would make sense to desysop that account first.
A third problem - if an admin wants to test using blocks, usually the admin will simply test by blocking him- or herself.
*** Bug 9851 has been marked as a duplicate of this bug. ***
(In reply to comment bug 9851 comment #2) > Not to argue, but there is no difference between an admin blocking all and > acting unchecked, or unblocking himself repeatedly to do that. Except that only > one of them is likely to delete the main page or edit the sitenotice of a top 10 > website with 100 other admins that it would be impossible to block, practically > speaking. It would be quite easy to write a script to block every other admin on the site at once. There are no restrictions on simultaneous blocks. Presumably to compromise an account you need to be a script kiddie already, and any script kiddie could block all other admins. A much more reasonable request is the "sacrifice sysophood to desysop" idea, which permits the majority to immediately deal with a rogue minority without giving the minority any substantial leeway (desysopping a single user is not very disruptive at all compared to vandalism of the main page or whatnot).
One option could be to allow a blocked admin to remove IP blocks and unblock others, but not himself. For wikis with a nontrivial number of sysops that would allow cooperation to overcome the "everyone gets blocked" issue, while still limiting the damage that could be done by a single rogue account.
It's simple for a script to block every admin on the wiki simultaneously. The logic of a Perl script to do that, given a list of admins, would amount to probably a few lines. You just need to send a couple hundred POSTs over the course of half a second or whatever, and they should all go through without a hitch. Resend every half-second for a few seconds if you're worried. And if we're worried about compromised admin accounts, presumably they were compromised by script kiddies who could easily write such a script.
