Board Thread:General Discussion/@comment--20150814190019/@comment-5065259-20150815050642

If a new group were to be created, bcrat's should not be the ones handing it out. it should be others already in the group check that anyone who requests for the right is competent before staff grants via special:contact.staff is super fast on granting bot requests especially if either you are an admin or admins have granted permission, hopefully staff granting this right are just as fast provided at least one other competent user from the group confirms (providing a link for that). yes, in the long run this will limit how admins can add css or js; hopefully this code review isn't just wikia staff and includes potentially those competent with writing js or css from scratch - i'm looking at codeeditors and voldev, not vstf. vstf is for spam and vandalism, they should not be given the extra task of dealing with reviewing code if procedure says they don't bother with social issues. social issues are for local admins to resolve, wikia staff apparently backs this despite the number of so called "bad" admins.

as a refresher for anyone out of the loop: keep in mind that roughly a week ago, the dev wiki had numerous scripts vandalized because not all were locked to codeeditors and now cqm is the one approving requests. a staff account was hijacked last weekend and now security's a big issue. so to those that still want the set up from the past, we are only going to have more exploits by hackers or mischievous people.

something a bit more serious: no idea how many people were aware that admins could edit other people's personal css or js until kirkburn brought it up, ducksoup said it was for emergency cases only (from thursday office hours). i don't even know if that affected the individual wiki or if it was wikia-wide. who's to say that a "bad" admin if they knew about this wouldn't go about to screw with people or worse say someone gets on the bad side of local staff, how would that be prevented? I doubt there was any prompt that asked before admins jumped in to "change" something; the only thing the victim could do is report to wikia staff. I call that a large security risk and am grateful that risk is now GONE! I mean if someone screwed up their own personal page, they can either request local staff to revert to a previous edit/delete or contact staff to fix. in a nutshell, not every admin is competent in js, css or both for that matter.