On 25/10/22 13:29, Harald Sitter wrote:
On Tue, Oct 25, 2022 at 1:22 PM Ahmad Samir <a.samir...@gmail.com> wrote:Can a first time contributor create a fork, create multiple/100 MR's and spin up CI jobs? if yes, then, first time contributors can disrupt the system. Weren't there some suspicious accounts that were using our gitlab instance for bitcoin mining (I could be wrong, I vaguely remember someone from Sysadmin team talking about something like that)? were these first time contributors or ones with developer accounts?I'm sure 2fa doesn't help with that (:
I am not a cyber security expert, but isn't 2FA comparable to captcha stuff? it's not hard, but it takes some extra time. Which forum would a spammer target? the one with the "create account and login immediately" or the one with "create account, verify captcha hell, verify email address"?
-- Ahmad Samir
OpenPGP_signature
Description: OpenPGP digital signature
