Re: Moderations for modules.apache.org
On 11/9/2015, 1:54:59 PM, Graham Leggettwrote: > On 09 Nov 2015, at 2:41 PM, Daniel Gruno wrote: > > > You're welcome to try to clean it up ;) > > make a user account on the system and give me the UID of that user (the > > ID, not the username - there are tens of thousands of users, so I can't > > see them all in the admin interface anymore). > > :) > > > I am contemplating removing all users/mods and adding some recaptcha > > stuff to it soon, but enotime right now. > > Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al > instances) > JIRA isn't LDAP backed, FWIW. And no, we wanted it to be open to the larger public to submit modules, not just committers. But the rub is, we are being attacked manually by actual people sending in garbage stuff, bypassing the security checks. I'm not entirely sure how to combat this, but I do have a few ideas. They require something close to a complete wipe of the database , however. With regards, Daniel. > Regards, > Graham > â > > -- Sent via Pony Mail for dev@httpd.apache.org. View this email online at: https://pony-poc.apache.org/list.html?dev@httpd.apache.org
Re: Moderations for modules.apache.org
I'm a bit slow this morning. I'm sitting here, using Pony Mail for replying, not realizing...we should use OAuth for this! It would still require a wipe of the current DB, but if we use the ASF OAuth plus maybe Google OAuth for non-committers, we should be able to allow only _actual people_ to contribute to this. :) Does this sound like a good idea, or complete overkill? With regards, Daniel. On 11/9/2015, 1:54:59 PM, Graham Leggettwrote: > On 09 Nov 2015, at 2:41 PM, Daniel Gruno wrote: > > > You're welcome to try to clean it up ;) > > make a user account on the system and give me the UID of that user (the > > ID, not the username - there are tens of thousands of users, so I can't > > see them all in the admin interface anymore). > > :) > > > I am contemplating removing all users/mods and adding some recaptcha > > stuff to it soon, but enotime right now. > > Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al > instances) > > Regards, > Graham > â > > -- Sent via Pony Mail for dev@httpd.apache.org. View this email online at: https://pony-poc.apache.org/list.html?dev@httpd.apache.org
Re: Moderations for modules.apache.org
On Wed, 2015-11-11 at 11:27 +, Daniel Gruno wrote: > Does this sound like a good idea, or complete overkill? I have long thought we might employ an alternative scheme akin to a "planet" aggregator. Make the module index an aggregator from module authors providing and maintaining their own descriptions as DOAP files. That way an author doesn't have to go through any manual process or moderation to update entries, and the admin burden is reduced. We still have to bootstrap new authors wanting us to aggregate their DOAP URLs. We could fully automate it for committers by auto-approving apache.org URLs, leaving a much reduced space for manual moderation and still vulnerable to spam attacks. Then we can reduce that further by requiring oauth as you suggest. And once the OpenMiracl podling has a TA up-and-running, we can deploy that to help open a wider circle of strong trust. Just a thought. -- Nick Kew
Re: Moderations for modules.apache.org
On 09 Nov 2015, at 2:41 PM, Daniel Grunowrote: > You're welcome to try to clean it up ;) > make a user account on the system and give me the UID of that user (the > ID, not the username - there are tens of thousands of users, so I can't > see them all in the admin interface anymore). :) > I am contemplating removing all users/mods and adding some recaptcha > stuff to it soon, but enotime right now. Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al instances) Regards, Graham —
Re: Moderations for modules.apache.org
On 06 Nov 2015, at 6:55 PM, Daniel Grunowrote: > I'm sorry to say modules.apache.org is so bot/spam infested now, that > it's impossible to moderate it unless I spend more than an hour every > day going through all the fake modules and users added on a daily basis. > > I am contemplating scrapping it entirely, or possibly creating a new > system at some point, with stronger anti-spam measures. Need a hand with moderation? Having what looks to be the formal module search engine being frozen in time is a problem for us, it makes us look stale when we aren’t. Regards, Graham —
Re: Moderations for modules.apache.org
On 11/09/2015 01:25 PM, Graham Leggett wrote: > On 06 Nov 2015, at 6:55 PM, Daniel Grunowrote: > >> I'm sorry to say modules.apache.org is so bot/spam infested now, that >> it's impossible to moderate it unless I spend more than an hour every >> day going through all the fake modules and users added on a daily basis. >> >> I am contemplating scrapping it entirely, or possibly creating a new >> system at some point, with stronger anti-spam measures. > > Need a hand with moderation? > > Having what looks to be the formal module search engine being frozen in time > is a problem for us, it makes us look stale when we aren’t. > > Regards, > Graham > — > You're welcome to try to clean it up ;) make a user account on the system and give me the UID of that user (the ID, not the username - there are tens of thousands of users, so I can't see them all in the admin interface anymore). I am contemplating removing all users/mods and adding some recaptcha stuff to it soon, but enotime right now. With regards, Daniel.
Moderations for modules.apache.org
Hi all, I've had a module waiting to be approved at modules.apache.org for a while, anyone know who the moderator is? Regards, Graham --
Re: Moderations for modules.apache.org
On 11/06/2015 05:53 PM, Graham Leggett wrote: > Hi all, > > I've had a module waiting to be approved at modules.apache.org for a while, > anyone know who the moderator is? > > Regards, > Graham > -- > Hi Graham, I'm sorry to say modules.apache.org is so bot/spam infested now, that it's impossible to moderate it unless I spend more than an hour every day going through all the fake modules and users added on a daily basis. I am contemplating scrapping it entirely, or possibly creating a new system at some point, with stronger anti-spam measures. with regards, Daniel.