Re: [aur-general] We've got a spam issue in our AUR
Em 12-07-2015 15:33, Lukas Fleischer escreveu: The only additional thing I can think of is some flood control mechanism which does not fix the problem itself but helps reducing the degree of damage... Requiring a captcha will prevent some people from posting. Implementing a flood control, might help, but might also be a hassle to maintainers who get a lot of comments and would probably reply to them sequentially. The only thing that would surely work would be moderation. I don't think that disabling comments is the answer though. As for moderation, there is how to make a survey on how frequent are the comments? I maintain a few packages on AUR and I don't get that many comments. At least they tend to be sparse enough. I wouldn't bother to moderate them myself. Perhaps this could be configurable? Cheers, Giancarlo Razzolini
Re: [aur-general] blacklisted package
On Sun, 12 Jul 2015 20:57:21 -0300 Eduardo Machado wrote: > hi, > > i tried to create a new package, and when i tryed to push it to the server > i received a message that it is blacklisted. what happened? > > This was what i did: > > $git push origin master > Counting objects: 4, done. > Delta compression using up to 4 threads. > Compressing objects: 100% (4/4), done. > Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done. > Total 4 (delta 0), reused 0 (delta 0) > remote: error: package is blacklisted: python2-passlib > remote: error: hook declined to update refs/heads/master > To ssh+git://aur4.archlinux.org/python-passlib.git/ > ! [remote rejected] master -> master (hook declined) > error: failed to push some refs to 'ssh+git:// > aur4.archlinux.org/python-passlib.git/' > > --- >Eduardo M. Machado https://www.archlinux.org/packages/community/any/python-passlib/ https://www.archlinux.org/packages/community/any/python2-passlib/
[aur-general] blacklisted package
hi, i tried to create a new package, and when i tryed to push it to the server i received a message that it is blacklisted. what happened? This was what i did: $git push origin master Counting objects: 4, done. Delta compression using up to 4 threads. Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done. Total 4 (delta 0), reused 0 (delta 0) remote: error: package is blacklisted: python2-passlib remote: error: hook declined to update refs/heads/master To ssh+git://aur4.archlinux.org/python-passlib.git/ ! [remote rejected] master -> master (hook declined) error: failed to push some refs to 'ssh+git:// aur4.archlinux.org/python-passlib.git/' --- Eduardo M. Machado
Re: [aur-general] We've got a spam issue in our AUR
On Sun, Jul 12, 2015 at 2:24 PM, Lukas Fleischer wrote: > On Sun, 12 Jul 2015 at 18:25:47, Andrejs Mivreņiks wrote: >> Hi, >> >> Suspending the account is good, though what about messages? Are they >> going to be removed? Also there is totally no spam protection that I know of >> at >> this moment in AUR, at some point it might turn out to be a bigger problem >> than >> that today. >> [...] > > I deleted all 15 comments the user posted. Given that only a very low > number of packages were affected, I suspect that he copy-pasted the > message manually. There is really nothing we can do about that (apart > from disabling comments)... I'm not sure if this is worthwhile, but: http://bogofilter.sourceforge.net/ https://pypi.python.org/pypi/django-bogofilter/0.1 (example of integrating bogofilter to forum comments in Django/Python) We could add this email-style spam filtering (using bogofilter or any similar package), and make comments that fail it have to use a CAPTCHA? Or just make all comments require a CAPTCHA. Or a "report spam" link for comments. Another thought for improving comments might be to implement reddit-style upvoting/downvoting.
Re: [aur-general] AUR4 keywords in PKGBUILD?
On Sun, 12 Jul 2015 at 18:07:37, Ido Rosen wrote: > Is it possible currently to set the keywords/tags in the PKGBUILD > itself instead of on the website? (Previously, we had to set > categories on the AUR website, but that felt suboptimal.) e.g. a > keywords=('cats' 'dogs' ...); variable? > No. > Or, alternatively, would people be amenable to adding an ssh command > in the AUR git-shell to add/remove/set keywords? Sounds like a nice suggestion to me. Could you please file a FR on the bug tracker?
Re: [aur-general] We've got a spam issue in our AUR
On Sun, 12 Jul 2015 at 17:54:10, Daniel Micay wrote: > On 12/07/15 11:24 AM, Andrejs Mivreņiks wrote: > > Hi, > > > > The user instmania[1] has posted spam links in the comments section > > of almost every recently updated package. For example [2] > > > > [1] https://aur4.archlinux.org/account/instmania/ > > [2] https://aur4.archlinux.org/packages/warthunder/ > > I submitted a patch to remove the incentive to do this: > > https://lists.archlinux.org/pipermail/aur-dev/2015-July/003608.html > > It would be nice to implement the registration question we have on the > forums and wiki too. > We introduced a similar (even harder and quickly changing) question the last time we had issues with a spam bot. It didn't help, the spammer revamped his bot within a couple of minutes, see [1]. Our next countermeasure was to require email confirmations on registration (and preventing the same email address from being used twice) which worked fine. Obviously, all that doesn't help when a human registers himself. The only additional thing I can think of is some flood control mechanism which does not fix the problem itself but helps reducing the degree of damage... [1] https://lists.archlinux.org/pipermail/aur-dev/2013-March/002438.html
Re: [aur-general] We've got a spam issue in our AUR
On Sun, 12 Jul 2015 at 18:25:47, Andrejs Mivreņiks wrote: > Hi, > > Suspending the account is good, though what about messages? Are they > going to be removed? Also there is totally no spam protection that I know of > at > this moment in AUR, at some point it might turn out to be a bigger problem > than > that today. > [...] I deleted all 15 comments the user posted. Given that only a very low number of packages were affected, I suspect that he copy-pasted the message manually. There is really nothing we can do about that (apart from disabling comments)...
Re: [aur-general] We've got a spam issue in our AUR
Hi, Suspending the account is good, though what about messages? Are they going to be removed? Also there is totally no spam protection that I know of at this moment in AUR, at some point it might turn out to be a bigger problem than that today. Regards, Andrejs -- Andrejs Mivreņiks PGP Key Fingerprint: 3872 5DEB BCA5 9460 09B2 E867 F34B C7DA D782 DAB8 On Sun, 12 Jul 2015, at 18:47, Muflone wrote: > Hi > > Il 12/07/2015 17:24, Andrejs Mivreņiks ha scritto: > > Hi, > > > > The user instmania[1] has posted spam links in the comments section > > of almost every recently updated package. For example [2] > > > > [1] https://aur4.archlinux.org/account/instmania/ > > [2] https://aur4.archlinux.org/packages/warthunder/ > > > I've suspended the instmania account. > I received his spam for one package of mine too. > > Bye > > > -- > Fabio Castelli aka Muflone
[aur-general] AUR4 keywords in PKGBUILD?
Is it possible currently to set the keywords/tags in the PKGBUILD itself instead of on the website? (Previously, we had to set categories on the AUR website, but that felt suboptimal.) e.g. a keywords=('cats' 'dogs' ...); variable? Or, alternatively, would people be amenable to adding an ssh command in the AUR git-shell to add/remove/set keywords?
Re: [aur-general] We've got a spam issue in our AUR
On 12/07/15 11:24 AM, Andrejs Mivreņiks wrote: > Hi, > > The user instmania[1] has posted spam links in the comments section > of almost every recently updated package. For example [2] > > [1] https://aur4.archlinux.org/account/instmania/ > [2] https://aur4.archlinux.org/packages/warthunder/ I submitted a patch to remove the incentive to do this: https://lists.archlinux.org/pipermail/aur-dev/2015-July/003608.html It would be nice to implement the registration question we have on the forums and wiki too. signature.asc Description: OpenPGP digital signature
Re: [aur-general] We've got a spam issue in our AUR
Hi Il 12/07/2015 17:24, Andrejs Mivreņiks ha scritto: > Hi, > > The user instmania[1] has posted spam links in the comments section > of almost every recently updated package. For example [2] > > [1] https://aur4.archlinux.org/account/instmania/ > [2] https://aur4.archlinux.org/packages/warthunder/ I've suspended the instmania account. I received his spam for one package of mine too. Bye -- Fabio Castelli aka Muflone
[aur-general] We've got a spam issue in our AUR
Hi, The user instmania[1] has posted spam links in the comments section of almost every recently updated package. For example [2] [1] https://aur4.archlinux.org/account/instmania/ [2] https://aur4.archlinux.org/packages/warthunder/ -- Andrejs Mivreņiks PGP Key Fingerprint: 3872 5DEB BCA5 9460 09B2 E867 F34B C7DA D782 DAB8
[aur-general] TU vacation
Hi, Feel free to update my packages while I'm on vacation. I'm back at the end of July. -- Best regards, Alexander Rødseth xyproto / TU -- Best regards, Alexander F Rødseth / xyproto
[aur-general] Signoff report for [community-testing]
=== Signoff report for [community-testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 4 new packages in last 24 hours * 0 known bad packages * 0 packages not accepting signoffs * 0 fully signed off packages * 23 packages missing signoffs * 2 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [community-testing] in last 24 hours (4 total) == * kadu-2.1-2 (i686) * vagrant-1.7.3-1 (i686) * kadu-2.1-2 (x86_64) * vagrant-1.7.3-1 (x86_64) == Incomplete signoffs for [community] (23 total) == * salt-2015.5.3-1 (any) 0/2 signoffs * acpi_call-1.1.0-32 (i686) 0/1 signoffs * bbswitch-0.8-34 (i686) 0/1 signoffs * fcitx-qt5-1.0.3-1 (i686) 0/1 signoffs * kadu-2.1-2 (i686) 0/1 signoffs * lightdm-1:1.14.0-4 (i686) 0/1 signoffs * r8168-8.040.00-4 (i686) 0/1 signoffs * rt3562sta-2.4.1.1_r2-10 (i686) 0/1 signoffs * tp_smapi-0.41-71 (i686) 0/1 signoffs * vagrant-1.7.3-1 (i686) 0/1 signoffs * vhba-module-20140928-15 (i686) 0/1 signoffs * virtualbox-modules-4.3.28-4 (i686) 0/1 signoffs * acpi_call-1.1.0-32 (x86_64) 0/2 signoffs * bbswitch-0.8-34 (x86_64) 0/2 signoffs * fcitx-qt5-1.0.3-1 (x86_64) 0/2 signoffs * kadu-2.1-2 (x86_64) 0/2 signoffs * lightdm-1:1.14.0-4 (x86_64) 0/2 signoffs * r8168-8.040.00-4 (x86_64) 0/2 signoffs * rt3562sta-2.4.1.1_r2-10 (x86_64) 0/2 signoffs * tp_smapi-0.41-71 (x86_64) 0/2 signoffs * vagrant-1.7.3-1 (x86_64) 0/2 signoffs * vhba-module-20140928-15 (x86_64) 0/2 signoffs * virtualbox-modules-4.3.28-4 (x86_64) 0/2 signoffs == All packages in [community-testing] for more than 14 days (2 total) == * lightdm-1:1.14.0-4 (i686), since 2015-06-26 * lightdm-1:1.14.0-4 (x86_64), since 2015-06-26 == Top five in signoffs in last 24 hours ==