On the subject of prevention of propagation, my son came up with an idea. We were talking about moderation (approval of edits before they can be used for open distribution), which I immediately dismissed, because we would need a team of moderators. Then he said, why not require approval of one experienced mapper, before applying the edits to the database, or (my preference) before clearing the edited objects for open distribution.
I think a built-in approval mechanism is a requirement for prevention of the kind of vandalism we see. I can’t say how this should work technically, but conceptually it is either an intermediate edit/changeset approval system working before the edits are applied to the database, or flagging edited objects in the database as awaiting approval.
The flagging option enables the dual system I mentioned earlier: direct unapproved access/distribution for mappers (which also serves to detect vandalism and to double check the approvals by the complete mapping community), and approved access/distribution for other usages.
The difference is, earlier I thought of delaying the entire propagation on the tile server level, whereas now the delay would be on the object level.
The pitfall is censorship. So the approval should only target attacks, not user errors, and the approving should answer only one question: is this a deliberate attack?
Basic question: would this be technically possible?