ADMIN: Adjustment of mod powers

Amanda editor at texas.net
Wed Nov 5 14:26:22 UTC 2003


Members of FAQ--

As some of you may know, over a year ago, there was a disaffected 
member of the main list. She had issues with some of the then-
moderators of the list.

A friend of this person hacked into the account of two of the 
moderators; they set one of them to have the power to "delete list" 
and did just that. Deleted the entire main list. Everything. Gone.

The then-admin team leaped into action; and with great difficulty, 
managed to get the files restored; and set up security measures to 
avoid this type of occurrence in future.

We are a much, much larger list now and the potential for 
disaffection, with the commensurate lessening of personal 
relationships and familiarity, is larger as well. Because of this, 
all members of the admin team observe certain security precautions,
still.

One of the measures that had been implemented on all HPfGU lists up 
to now, aside from this one, is controlling who has the ability to 
change the moderator powers of other moderators. Understand: there 
are several "moderator powers": approving posts, approving members, 
removing members, banning people, changing other moderators' 
abilities, and deleting the list. A moderator is anyone who exercises
*any* of these powers.

A moderator with the ability to change others' abilities is able to 
go in and add or delete powers to other moderators. Up until 
yesterday, *everyone* who was a moderator on this list had this power.
Something like 31 of us.

The outbreak of controversy on this list has sharpened our concern
that this list had so many people with this power and did not observe
this security measure as the other HP4GU lists do. Any one of the
moderators on this list could be hacked into and this list deleted.
Or any one of the moderators on this list could themselves do this.
This is how we lost the main list. And that was a terrible time and
we never want to go through that again; we can't even contemplate the
amount of dedicated work that would be lost if anything happened to
the FAQ list.

So, because of these security concerns, night before last, three MEGs
[Amanda, Dicey, and Kelley] made an executive decision and made the
following changes:

-- Everyone who was a moderator, is still a moderator.
-- We removed the ability to ban and to change other people's 
settings from all but the following people (all familiar with the 
personal security measures, as well):
Ali
Abigail
Heidi
Paul K.
Debbie
Sheryll
Phyllis
--Following this action, yesterday morning Sheryll also deleted 
the "remove members" ability, closing another security concern.

We stress: this was an interim security measure and has not changed
anyone's moderator status. No further changes will be made without
FAQ's input.

We further stress: as an interim measure, it can and should be 
revisited. FAQ is an HP4GU list and MEG will be a part of the 
decision as to who has moderator authority and/or powers on FAQ, but 
the FAQ members and FAQ input are a vital factor as well. When a non-
interim MEG liaison has been identified, and an optimal number of 
moderators determined, that liaison will work with FAQ to organize a 
moderator selection process.

~Amanda






More information about the HP4GU-FAQ archive