Re: [aur-general] We've got a spam issue in our AUR

[Tai-Lin Chu]

I have seen some spam filters that have layers.

The first layer is captcha, which blocks most bots. Google recaptcha
is very useful in this case. I don't think this will block any human
user. In addition, users don't have to enter captcha every time once
it determines that a person is not a bot. For reference:
https://www.google.com/recaptcha/intro/index.html

The second layer is letting users to report spams, or having some kind
of rating system (reddit). This blocks diligent human spammers. In
particular reddit's rating system is smart because it requires no
moderator; users actively downvote bad comments and upvote useful
ones.

I generally don't like keyword-based spam filters because they take
time to maintain a good keyword list and are easy to block legit
users.



On Tue, Jul 14, 2015 at 9:09 AM, Oon-Ee Ng  wrote:
> On Tue, Jul 14, 2015 at 3:43 AM, Johannes Löthberg
>  wrote:
>> Not all spam is automated , so just requiring a CAPTCHA wouldn't be very
>> useful. I think a slightly better approach would be to add the comment to a
>> queue if it fails the spam filter, and require a TU to approve it.
>
> Seems like a lot of unnecessary work for TUs though. Maybe it would be
> better for maintainers approval to be required for posts that fail a
> spam filter (they could just ignore it). Even if its not really spam,
> its probably aimed at the maintainer anyway.

Re: [aur-general] We've got a spam issue in our AUR

[Oon-Ee Ng]

On Tue, Jul 14, 2015 at 3:43 AM, Johannes Löthberg
 wrote:
> Not all spam is automated , so just requiring a CAPTCHA wouldn't be very
> useful. I think a slightly better approach would be to add the comment to a
> queue if it fails the spam filter, and require a TU to approve it.

Seems like a lot of unnecessary work for TUs though. Maybe it would be
better for maintainers approval to be required for posts that fail a
spam filter (they could just ignore it). Even if its not really spam,
its probably aimed at the maintainer anyway.

Re: [aur-general] AUR4 keywords in PKGBUILD?

[David Phillips]

I wouldn't say having keywords in the .SRCINFO is any better than
having it in the PKGBUILD. SRCINFOs contain metadata drawn directly
from the PKGBUILD, with the exception of things like the `epoch`
field. To have the keywords present in the SRCINFO but not the
PKGBUILD would be nonsensical in my opinion.

Re: [aur-general] AUR4 keywords in PKGBUILD?

[Ido Rosen]

On Mon, Jul 13, 2015 at 3:45 PM, Johannes Löthberg
 wrote:
> On 12/07, Lukas Fleischer wrote:
>>
>> On Sun, 12 Jul 2015 at 18:07:37, Ido Rosen wrote:
>>>
>>> Is it possible currently to set the keywords/tags in the PKGBUILD
>>> itself instead of on the website?  (Previously, we had to set
>>> categories on the AUR website, but that felt suboptimal.)  e.g. a
>>> keywords=('cats' 'dogs' ...); variable?
>>>
>>
>> No.
>>
>
> I wonder if it would be useful to support having keywords in the .SRCINFO
> file. A couple of people have requested it, though I'm still unsure about
> the idea.
>
> What do you think?
>

Definitely worthwhile.

>
>>> Or, alternatively, would people be amenable to adding an ssh command
>>> in the AUR git-shell to add/remove/set keywords?
>>
>>
>> Sounds like a nice suggestion to me. Could you please file a FR on the
>> bug tracker?
>
>
> --
> Sincerely,
>  Johannes Löthberg
>  PGP Key ID: 0x50FB9B273A9D0BB5
>  https://theos.kyriasis.com/~kyrias/

Re: [aur-general] blacklisted package

[Johannes Löthberg]

On 13/07, Eduardo Machado wrote:

2015-07-12 21:05 GMT-03:00 Doug Newgard :


On Sun, 12 Jul 2015 20:57:21 -0300
Eduardo Machado  wrote:

> hi,
>
> i tried to create a new package, and when i tryed to push it to the
server
> i received a message that it is blacklisted. what happened?
>
> This was what i did:
>
> $git push origin master
> Counting objects: 4, done.
> Delta compression using up to 4 threads.
> Compressing objects: 100% (4/4), done.
> Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done.
> Total 4 (delta 0), reused 0 (delta 0)
> remote: error: package is blacklisted: python2-passlib
> remote: error: hook declined to update refs/heads/master
> To ssh+git://aur4.archlinux.org/python-passlib.git/
>  ! [remote rejected] master -> master (hook declined)
> error: failed to push some refs to 'ssh+git://
> aur4.archlinux.org/python-passlib.git/'
>
> ---
>Eduardo M. Machado

https://www.archlinux.org/packages/community/any/python-passlib/
https://www.archlinux.org/packages/community/any/python2-passlib/




Sorry, my bad!
Thanks for the reply.


I wonder if we should make the error message more explicit.. What do you 
think, Lukas?


--
Sincerely,
 Johannes Löthberg
 PGP Key ID: 0x50FB9B273A9D0BB5
 https://theos.kyriasis.com/~kyrias/


signature.asc
Description: PGP signature

Re: [aur-general] AUR4 keywords in PKGBUILD?

[Johannes Löthberg]

On 12/07, Lukas Fleischer wrote:

On Sun, 12 Jul 2015 at 18:07:37, Ido Rosen wrote:

Is it possible currently to set the keywords/tags in the PKGBUILD
itself instead of on the website?  (Previously, we had to set
categories on the AUR website, but that felt suboptimal.)  e.g. a
keywords=('cats' 'dogs' ...); variable?



No.



I wonder if it would be useful to support having keywords in the 
.SRCINFO file. A couple of people have requested it, though I'm still 
unsure about the idea.


What do you think?


Or, alternatively, would people be amenable to adding an ssh command
in the AUR git-shell to add/remove/set keywords?


Sounds like a nice suggestion to me. Could you please file a FR on the
bug tracker?


--
Sincerely,
 Johannes Löthberg
 PGP Key ID: 0x50FB9B273A9D0BB5
 https://theos.kyriasis.com/~kyrias/


signature.asc
Description: PGP signature

Re: [aur-general] We've got a spam issue in our AUR

[Johannes Löthberg]

On 12/07, Ido Rosen wrote:

On Sun, Jul 12, 2015 at 2:24 PM, Lukas Fleischer
 wrote:

On Sun, 12 Jul 2015 at 18:25:47, Andrejs Mivreņiks wrote:

Hi,

Suspending the account is good, though what about messages? Are they
going to be removed? Also there is totally no spam protection that I know of at
this moment in AUR, at some point it might turn out to be a bigger problem than
that today.
[...]


I deleted all 15 comments the user posted. Given that only a very low
number of packages were affected, I suspect that he copy-pasted the
message manually. There is really nothing we can do about that (apart
from disabling comments)...


I'm not sure if this is worthwhile, but:

http://bogofilter.sourceforge.net/
https://pypi.python.org/pypi/django-bogofilter/0.1 (example of
integrating bogofilter to forum comments in Django/Python)

We could add this email-style spam filtering (using bogofilter or any
similar package), and make comments that fail it have to use a
CAPTCHA?  Or just make all comments require a CAPTCHA.  Or a "report
spam" link for comments.

Another thought for improving comments might be to implement
reddit-style upvoting/downvoting.


Not all spam is automated , so just requiring a CAPTCHA wouldn't be very 
useful. I think a slightly better approach would be to add the comment 
to a queue if it fails the spam filter, and require a TU to approve it.


--
Sincerely,
 Johannes Löthberg
 PGP Key ID: 0x50FB9B273A9D0BB5
 https://theos.kyriasis.com/~kyrias/


signature.asc
Description: PGP signature

Re: [aur-general] blacklisted package

[Eduardo Machado]

2015-07-12 21:05 GMT-03:00 Doug Newgard :

> On Sun, 12 Jul 2015 20:57:21 -0300
> Eduardo Machado  wrote:
>
> > hi,
> >
> > i tried to create a new package, and when i tryed to push it to the
> server
> > i received a message that it is blacklisted. what happened?
> >
> > This was what i did:
> >
> > $git push origin master
> > Counting objects: 4, done.
> > Delta compression using up to 4 threads.
> > Compressing objects: 100% (4/4), done.
> > Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done.
> > Total 4 (delta 0), reused 0 (delta 0)
> > remote: error: package is blacklisted: python2-passlib
> > remote: error: hook declined to update refs/heads/master
> > To ssh+git://aur4.archlinux.org/python-passlib.git/
> >  ! [remote rejected] master -> master (hook declined)
> > error: failed to push some refs to 'ssh+git://
> > aur4.archlinux.org/python-passlib.git/'
> >
> > ---
> >Eduardo M. Machado
>
> https://www.archlinux.org/packages/community/any/python-passlib/
> https://www.archlinux.org/packages/community/any/python2-passlib/
>


Sorry, my bad!
Thanks for the reply.

[aur-general] Signoff report for [community-testing]

[Arch Website Notification]

=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/

There are currently:
* 0 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 0 fully signed off packages
* 19 packages missing signoffs
* 0 packages older than 14 days

(Note: the word 'package' as used here refers to packages as grouped by
pkgbase, architecture, and repository; e.g., one PKGBUILD produces one
package per architecture, even if it is a split package.)



== Incomplete signoffs for [community] (19 total) ==

* salt-2015.5.3-1 (any)
0/2 signoffs
* acpi_call-1.1.0-32 (i686)
0/1 signoffs
* bbswitch-0.8-34 (i686)
0/1 signoffs
* fcitx-qt5-1.0.3-1 (i686)
0/1 signoffs
* kadu-2.1-2 (i686)
0/1 signoffs
* r8168-8.040.00-4 (i686)
0/1 signoffs
* rt3562sta-2.4.1.1_r2-10 (i686)
0/1 signoffs
* tp_smapi-0.41-71 (i686)
0/1 signoffs
* vhba-module-20140928-15 (i686)
0/1 signoffs
* virtualbox-modules-4.3.28-4 (i686)
0/1 signoffs
* acpi_call-1.1.0-32 (x86_64)
0/2 signoffs
* bbswitch-0.8-34 (x86_64)
0/2 signoffs
* fcitx-qt5-1.0.3-1 (x86_64)
0/2 signoffs
* kadu-2.1-2 (x86_64)
0/2 signoffs
* r8168-8.040.00-4 (x86_64)
0/2 signoffs
* rt3562sta-2.4.1.1_r2-10 (x86_64)
0/2 signoffs
* tp_smapi-0.41-71 (x86_64)
0/2 signoffs
* vhba-module-20140928-15 (x86_64)
0/2 signoffs
* virtualbox-modules-4.3.28-4 (x86_64)
0/2 signoffs


== Top five in signoffs in last 24 hours ==

1. tpowa - 4 signoffs
2. eworm - 1 signoffs
3. anatolik - 1 signoffs