On Wed, Feb 27, 2013 at 5:26 PM, Alexander Rødseth <rods...@gmail.com> wrote: > Hi, > > > 2013/2/27 Angel Velásquez <an...@archlinux.org>: >> For solving the problem right now -quick and dirty-, we just have to >> add a validation (tsk tsk anyone who wants to sum contributions can >> code this silly patch), if the user is suspended don't let him flag >> the package and actually redirect him to the logout page (to kill >> those cookies). > > Wouldn't he/she/they be able to just register more accounts and > continue flagging packages this way?
Yes, a malicious user would be able to evade suspension by registering new accounts. In my opinion, those situations call for IP banning.