Board Thread:General Discussion/@comment--20150814190019/@comment-1065656-20150815170611

Dessamator wrote: Deadcoder wrote: While I'm glad that staff is finally taking security seriously, I'm worried about evaluation times. Perhaps Wikia should do this: users who have a reputation of safe useful Javascript edits can edit scripts "where they have the rights" without evaluation. Everyone else gets their code evaluated. As more edits are made, your reputation grows and eventually, you get an additional permission, and you no longer need your code audited. That sets a bad precendent. There are many admins and users who have been good editors for years, but one day they decide to simply go rogue and start vandalising or making a mess of wikis.

That's like saying that police officers who have been competent for a decade shouldn't be evaluated or that "internal affairs" or isn't needed. Many police officers may become corrupt.

Code-review means that even code-reviewers themselves should (at least if it is implemented correctly) also have to submit their own code for review.

I think there's a bit of a difference between (a) your average person competent enough with JavaScript to deserve these additional rights (b) a ten-year-old kid vandalizing a wiki because lulz (c) the police force.

How does Wikia know its VSTFs aren't going to go rogue and delete everything? Do all their contributions and help need to be patrolled and watched by some review squad? Surely they could do more damage since they have powers across the whole of Wikia? A local code-editor group would be a group only for users who, like VSTFs, are trusted by Wikia not to do anything wrong.