Hi all, As you may know, for the last few years we have used a variety of strategies for dealing with the problem of abuse and spam on gitlab.haskell.org. The currently-employed and seemingly most effective technique has been to require manual approval of new account requests.
This has always been an uneasy compromise. Not only does this approval process add considerable friction to the contribution process, the increasing prevalence of ill-behaved web crawlers has rendered the approach less and less effective at prevent that form of abuse. For this reason we now exploring alternative approaches. One promising strategy employed by other FOSS GitLab deployments (e.g. gitlab.freedesktop.org) is the Anubis proof-of-work system. Anubis works by forcing the client to perform a small (but non-negligible) amount of work before requests are serviced. This will mean that GitLab users' clients will periodically be asked to perform small amounts of work. While Anubis primarily targets crawlers, it may be that the slight increase in per-request cost might also allow us to lift our manual account approval requirement. Ultimately, the only way to find out is to try. If there are no objections, I will place Anubis in front of GitLab starting next week. During this process we will assess the effectiveness of Anubis at prevent both spam and over-zealous crawlers. This may require a bit of iterative parameter tuning but I am hopeful that the end result might be a more accessible and faster GitLab instance for us all. Let me know what you think. Cheers, - Ben [1] https://github.com/TecharoHQ/anubis
signature.asc
Description: PGP signature
_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
