Re: [aur-general] We've got a spam issue in our AUR
I have seen some spam filters that have layers. The first layer is captcha, which blocks most bots. Google recaptcha is very useful in this case. I don't think this will block any human user. In addition, users don't have to enter captcha every time once it determines that a person is not a bot. For reference: https://www.google.com/recaptcha/intro/index.html The second layer is letting users to report spams, or having some kind of rating system (reddit). This blocks diligent human spammers. In particular reddit's rating system is smart because it requires no moderator; users actively downvote bad comments and upvote useful ones. I generally don't like keyword-based spam filters because they take time to maintain a good keyword list and are easy to block legit users. On Tue, Jul 14, 2015 at 9:09 AM, Oon-Ee Ng wrote: > On Tue, Jul 14, 2015 at 3:43 AM, Johannes Löthberg > wrote: >> Not all spam is automated , so just requiring a CAPTCHA wouldn't be very >> useful. I think a slightly better approach would be to add the comment to a >> queue if it fails the spam filter, and require a TU to approve it. > > Seems like a lot of unnecessary work for TUs though. Maybe it would be > better for maintainers approval to be required for posts that fail a > spam filter (they could just ignore it). Even if its not really spam, > its probably aimed at the maintainer anyway.
Re: [aur-general] We've got a spam issue in our AUR
On Tue, Jul 14, 2015 at 3:43 AM, Johannes Löthberg wrote: > Not all spam is automated , so just requiring a CAPTCHA wouldn't be very > useful. I think a slightly better approach would be to add the comment to a > queue if it fails the spam filter, and require a TU to approve it. Seems like a lot of unnecessary work for TUs though. Maybe it would be better for maintainers approval to be required for posts that fail a spam filter (they could just ignore it). Even if its not really spam, its probably aimed at the maintainer anyway.
Re: [aur-general] AUR4 keywords in PKGBUILD?
I wouldn't say having keywords in the .SRCINFO is any better than having it in the PKGBUILD. SRCINFOs contain metadata drawn directly from the PKGBUILD, with the exception of things like the `epoch` field. To have the keywords present in the SRCINFO but not the PKGBUILD would be nonsensical in my opinion.
Re: [aur-general] AUR4 keywords in PKGBUILD?
On Mon, Jul 13, 2015 at 3:45 PM, Johannes Löthberg wrote: > On 12/07, Lukas Fleischer wrote: >> >> On Sun, 12 Jul 2015 at 18:07:37, Ido Rosen wrote: >>> >>> Is it possible currently to set the keywords/tags in the PKGBUILD >>> itself instead of on the website? (Previously, we had to set >>> categories on the AUR website, but that felt suboptimal.) e.g. a >>> keywords=('cats' 'dogs' ...); variable? >>> >> >> No. >> > > I wonder if it would be useful to support having keywords in the .SRCINFO > file. A couple of people have requested it, though I'm still unsure about > the idea. > > What do you think? > Definitely worthwhile. > >>> Or, alternatively, would people be amenable to adding an ssh command >>> in the AUR git-shell to add/remove/set keywords? >> >> >> Sounds like a nice suggestion to me. Could you please file a FR on the >> bug tracker? > > > -- > Sincerely, > Johannes Löthberg > PGP Key ID: 0x50FB9B273A9D0BB5 > https://theos.kyriasis.com/~kyrias/
Re: [aur-general] blacklisted package
On 13/07, Eduardo Machado wrote: 2015-07-12 21:05 GMT-03:00 Doug Newgard : On Sun, 12 Jul 2015 20:57:21 -0300 Eduardo Machado wrote: > hi, > > i tried to create a new package, and when i tryed to push it to the server > i received a message that it is blacklisted. what happened? > > This was what i did: > > $git push origin master > Counting objects: 4, done. > Delta compression using up to 4 threads. > Compressing objects: 100% (4/4), done. > Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done. > Total 4 (delta 0), reused 0 (delta 0) > remote: error: package is blacklisted: python2-passlib > remote: error: hook declined to update refs/heads/master > To ssh+git://aur4.archlinux.org/python-passlib.git/ > ! [remote rejected] master -> master (hook declined) > error: failed to push some refs to 'ssh+git:// > aur4.archlinux.org/python-passlib.git/' > > --- >Eduardo M. Machado https://www.archlinux.org/packages/community/any/python-passlib/ https://www.archlinux.org/packages/community/any/python2-passlib/ Sorry, my bad! Thanks for the reply. I wonder if we should make the error message more explicit.. What do you think, Lukas? -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/ signature.asc Description: PGP signature
Re: [aur-general] AUR4 keywords in PKGBUILD?
On 12/07, Lukas Fleischer wrote: On Sun, 12 Jul 2015 at 18:07:37, Ido Rosen wrote: Is it possible currently to set the keywords/tags in the PKGBUILD itself instead of on the website? (Previously, we had to set categories on the AUR website, but that felt suboptimal.) e.g. a keywords=('cats' 'dogs' ...); variable? No. I wonder if it would be useful to support having keywords in the .SRCINFO file. A couple of people have requested it, though I'm still unsure about the idea. What do you think? Or, alternatively, would people be amenable to adding an ssh command in the AUR git-shell to add/remove/set keywords? Sounds like a nice suggestion to me. Could you please file a FR on the bug tracker? -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/ signature.asc Description: PGP signature
Re: [aur-general] We've got a spam issue in our AUR
On 12/07, Ido Rosen wrote: On Sun, Jul 12, 2015 at 2:24 PM, Lukas Fleischer wrote: On Sun, 12 Jul 2015 at 18:25:47, Andrejs Mivreņiks wrote: Hi, Suspending the account is good, though what about messages? Are they going to be removed? Also there is totally no spam protection that I know of at this moment in AUR, at some point it might turn out to be a bigger problem than that today. [...] I deleted all 15 comments the user posted. Given that only a very low number of packages were affected, I suspect that he copy-pasted the message manually. There is really nothing we can do about that (apart from disabling comments)... I'm not sure if this is worthwhile, but: http://bogofilter.sourceforge.net/ https://pypi.python.org/pypi/django-bogofilter/0.1 (example of integrating bogofilter to forum comments in Django/Python) We could add this email-style spam filtering (using bogofilter or any similar package), and make comments that fail it have to use a CAPTCHA? Or just make all comments require a CAPTCHA. Or a "report spam" link for comments. Another thought for improving comments might be to implement reddit-style upvoting/downvoting. Not all spam is automated , so just requiring a CAPTCHA wouldn't be very useful. I think a slightly better approach would be to add the comment to a queue if it fails the spam filter, and require a TU to approve it. -- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/ signature.asc Description: PGP signature
Re: [aur-general] blacklisted package
2015-07-12 21:05 GMT-03:00 Doug Newgard : > On Sun, 12 Jul 2015 20:57:21 -0300 > Eduardo Machado wrote: > > > hi, > > > > i tried to create a new package, and when i tryed to push it to the > server > > i received a message that it is blacklisted. what happened? > > > > This was what i did: > > > > $git push origin master > > Counting objects: 4, done. > > Delta compression using up to 4 threads. > > Compressing objects: 100% (4/4), done. > > Writing objects: 100% (4/4), 1.05 KiB | 0 bytes/s, done. > > Total 4 (delta 0), reused 0 (delta 0) > > remote: error: package is blacklisted: python2-passlib > > remote: error: hook declined to update refs/heads/master > > To ssh+git://aur4.archlinux.org/python-passlib.git/ > > ! [remote rejected] master -> master (hook declined) > > error: failed to push some refs to 'ssh+git:// > > aur4.archlinux.org/python-passlib.git/' > > > > --- > >Eduardo M. Machado > > https://www.archlinux.org/packages/community/any/python-passlib/ > https://www.archlinux.org/packages/community/any/python2-passlib/ > Sorry, my bad! Thanks for the reply.
[aur-general] Signoff report for [community-testing]
=== Signoff report for [community-testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 0 new packages in last 24 hours * 0 known bad packages * 0 packages not accepting signoffs * 0 fully signed off packages * 19 packages missing signoffs * 0 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == Incomplete signoffs for [community] (19 total) == * salt-2015.5.3-1 (any) 0/2 signoffs * acpi_call-1.1.0-32 (i686) 0/1 signoffs * bbswitch-0.8-34 (i686) 0/1 signoffs * fcitx-qt5-1.0.3-1 (i686) 0/1 signoffs * kadu-2.1-2 (i686) 0/1 signoffs * r8168-8.040.00-4 (i686) 0/1 signoffs * rt3562sta-2.4.1.1_r2-10 (i686) 0/1 signoffs * tp_smapi-0.41-71 (i686) 0/1 signoffs * vhba-module-20140928-15 (i686) 0/1 signoffs * virtualbox-modules-4.3.28-4 (i686) 0/1 signoffs * acpi_call-1.1.0-32 (x86_64) 0/2 signoffs * bbswitch-0.8-34 (x86_64) 0/2 signoffs * fcitx-qt5-1.0.3-1 (x86_64) 0/2 signoffs * kadu-2.1-2 (x86_64) 0/2 signoffs * r8168-8.040.00-4 (x86_64) 0/2 signoffs * rt3562sta-2.4.1.1_r2-10 (x86_64) 0/2 signoffs * tp_smapi-0.41-71 (x86_64) 0/2 signoffs * vhba-module-20140928-15 (x86_64) 0/2 signoffs * virtualbox-modules-4.3.28-4 (x86_64) 0/2 signoffs == Top five in signoffs in last 24 hours == 1. tpowa - 4 signoffs 2. eworm - 1 signoffs 3. anatolik - 1 signoffs