While familiarizing myself with gitlab.haskell.org, I noticed there's a ton of spam users and projects. Does this have any practical effect on any of you? Who (if anyone) is the moderation team that handles abuse reports? While I don't think it's a high-priority concern for myself and I don't intend to address it right now, I'd like to at least know what kind of effect this is having on GHC devs. There have already been 50+ users added today, and a random sample was 100% spam. There are 84,000 users and 1700 projects in the system in total. I assume 90-99% of them are spam. Not really conducive to a balanced diet. -Bryan "eat more veggies" Richter
No visible effect on my part, but I would agree that it's not something we should keep. :) Le 16/05/2022 à 15:52, Bryan a écrit :
While familiarizing myself with gitlab.haskell.org, I noticed there's a ton of spam users and projects.
Does this have any practical effect on any of you?
Who (if anyone) is the moderation team that handles abuse reports?
While I don't think it's a high-priority concern for myself and I don't intend to address it right now, I'd like to at least know what kind of effect this is having on GHC devs.
There have already been 50+ users added today, and a random sample was 100% spam.
There are 84,000 users and 1700 projects in the system in total. I assume 90-99% of them are spam. Not really conducive to a balanced diet.
-Bryan "eat more veggies" Richter
_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
-- Hécate ✨ 🐦: @TechnoEmpress IRC: Hecate WWW:https://glitchbra.in RUN: BSD
Bryan and I discussed this in person but I'll repeat what I said there here: In short, there are two kinds of spam: * user creation without the creation of any other content * spam content (primarily projects and snippets) My sense is that the former has thusfar been harmless and consequently we shouldn't worry lose any sleep over it. On the other hand, spam content is quite problematic and we should strive to eliminate it. Once every few months I take a bit of time and do some cleaning (with some mechanical help [1]). It's also helpful when users use GitLab's "Report Abuse" feature to flag spam accounts as these cases are very easy to handle. Cheers, - Ben [1] https://gitlab.haskell.org/bgamari/ghc-utils/-/blob/master/gitlab-utils/gitl...
The second one is an issue if it consumes CI Ressource. Ideally we’d have
only “blessed” repos allowed to consume CI. The issue with this is that
(random) new users can’t fork GHC and have CI run against their change.
I’d still very much like to see a solution to this; it is a security
concern.
Moritz
On Tue, 17 May 2022 at 1:27 AM, Ben Gamari
Bryan and I discussed this in person but I'll repeat what I said there here:
In short, there are two kinds of spam:
* user creation without the creation of any other content * spam content (primarily projects and snippets)
My sense is that the former has thusfar been harmless and consequently we shouldn't worry lose any sleep over it. On the other hand, spam content is quite problematic and we should strive to eliminate it. Once every few months I take a bit of time and do some cleaning (with some mechanical help [1]). It's also helpful when users use GitLab's "Report Abuse" feature to flag spam accounts as these cases are very easy to handle.
Cheers,
- Ben
[1] https://gitlab.haskell.org/bgamari/ghc-utils/-/blob/master/gitlab-utils/gitl...
_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Moritz Angermann
The second one is an issue if it consumes CI Ressource. Ideally we’d have only “blessed” repos allowed to consume CI. The issue with this is that (random) new users can’t fork GHC and have CI run against their change.
I’d still very much like to see a solution to this; it is a security concern.
I have never seen a spam user attempt to use our CI infrastructure. While I believe we could in principle disable CI for new users now since this feature request has (AFAICT) been implemented [1], I am a bit reluctant to do so unless there is actual evidence of abuse. Cheers, - Ben [1] https://gitlab.com/groups/gitlab-org/-/epics/3278
participants (4)
-
Ben Gamari -
Bryan -
Hécate -
Moritz Angermann