[GRASS-dev] spam in bug tracker

Hi

Eric has found that spam is being added to existing BT tickets.

See eg. at the bottom of
http://intevation.de/rt/webrt?serial_num=1107
http://intevation.de/rt/webrt?serial_num=2904

Is there anything we can do about it?

Maciek

Maciej Sieczka wrote:

Eric has found that spam is being added to existing BT tickets.

See eg. at the bottom of
http://intevation.de/rt/webrt?serial_num=1107
http://intevation.de/rt/webrt?serial_num=2904

Is there anything we can do about it?

Besides calling on friends in low places?

After a period of cursing, create a new bug, copy over relevant content,
close the old bug, and hope it doesn't happen again. If Intevation can
track down the offending IP range and has the energy, blacklist the
bastards (mostly as a feel-good measure for us).

or maybe Intevation can edit the bug's record by hand? (again, wasted
energy better used for something else)

Unless it gets really really really bad, I don't like requiring an
account to submit bugs. This is something I really hate about Bugzilla,
and I think there are all sorts of valid bugs we wouldn't find out about
if such a policy was enacted.

note this was done by human hand in the bug tracker, not by chance spam
email.

Hamish

On Thu, Sep 28, 2006 at 12:04:10AM +1200, Hamish wrote:

Maciej Sieczka wrote:
> Eric has found that spam is being added to existing BT tickets.
>
> See eg. at the bottom of
> http://intevation.de/rt/webrt?serial_num=1107
> http://intevation.de/rt/webrt?serial_num=2904
>
> Is there anything we can do about it?

Besides calling on friends in low places?

After a period of cursing, create a new bug, copy over relevant content,
close the old bug, and hope it doesn't happen again. If Intevation can
track down the offending IP range and has the energy, blacklist the
bastards (mostly as a feel-good measure for us).

or maybe Intevation can edit the bug's record by hand? (again, wasted
energy better used for something else)

[...]

Probably the migration to a new bugtracker solves the problem
(see recent mail from Jan).

Markus

On Thu, 2006-09-28 at 00:04 +1200, Hamish wrote:

Unless it gets really really really bad, I don't like requiring an
account to submit bugs. This is something I really hate about Bugzilla,
and I think there are all sorts of valid bugs we wouldn't find out about
if such a policy was enacted.

I, too, hate having so many accounts around the web that I cannot keep
track of them all. It's one reason why I hate pay-for wireless internet
as a travel around the world--too many places where I must sprinkle my
identity just to get a network connection.

I saw an excellent presentation at EuroOSCON about OpenID
( http://openid.net/ ) that is trying to crack the problem of Web-based
single sign-on. There are an increasing number of sites that do accept
OpenID credentials, and I believe that it would be logical, at this
point, to try to circle all of the bugzilla wagons (Fedora, Red Hat,
GRASS, GNOME, gforge, etc) so that a single credential can be used by
all. Would single sign-on address your problem Hamish?

M

Markus Neteler wrote:

On Thu, Sep 28, 2006 at 12:04:10AM +1200, Hamish wrote:
> Maciej Sieczka wrote:
> > Eric has found that spam is being added to existing BT tickets.
> >
> > See eg. at the bottom of
> > http://intevation.de/rt/webrt?serial_num=1107
> > http://intevation.de/rt/webrt?serial_num=2904
> >
> > Is there anything we can do about it?
>
>
> Besides calling on friends in low places?
>
> After a period of cursing, create a new bug, copy over relevant
> content, close the old bug, and hope it doesn't happen again. If
> Intevation can track down the offending IP range and has the energy,
> blacklist the bastards (mostly as a feel-good measure for us).
>
> or maybe Intevation can edit the bug's record by hand? (again,
> wasted energy better used for something else)

[...]

Probably the migration to a new bugtracker solves the problem
(see recent mail from Jan).

Michael Tiemann wrote:

I, too, hate having so many accounts around the web that I cannot keep
track of them all. It's one reason why I hate pay-for wireless
internet as a travel around the world--too many places where I must
sprinkle my identity just to get a network connection.

I saw an excellent presentation at EuroOSCON about OpenID
( http://openid.net/ ) that is trying to crack the problem of
Web-based single sign-on. There are an increasing number of sites
that do accept OpenID credentials, and I believe that it would be
logical, at this point, to try to circle all of the bugzilla wagons
(Fedora, Red Hat, GRASS, GNOME, gforge, etc) so that a single
credential can be used by all. Would single sign-on address your
problem Hamish?

I don't think either approach would help. This was done by human hand
remember. As seen on the wiki, spammers are willing to create an account
by hand to add their links. So nice new bugtracker software or universal
account doesn't change a thing. argh!

This got so bad on the GpsDrive wiki that we had to designate sysops to
moderate the creating of accounts. In the past months I've only been
asked to create one new account, and then the wiki software wouldn't
deal with sending a password to a 3rd party (ie the new user). This has
all but killed any momentum in the wiki. argh!
"last modification by .." at the bottom of each wiki page and
anti-automation devices on the new account page help.

Another issue is by copying over the content of a bug & "resolving" the
old one, the spam is still searchable. We need to be sure to "kill"
the spam content so it is out of reach of the google-bots, otherwise
the spammers have still succeeded in using our google-cred & will
continue to spam us. argh!

I saw Mark Shuttleworth give a good talk on this some months ago at
LinuxConf.au. His main point was barriers to contibutions must stay
low, or you get an exponential drop off in casual developer help.
No solution, but it highlights how much this crap hurts Free software.
I don't really check my spam-box anymore for false-positives. Who knows
what I've missed?

Hamish

<<< No Message Collected >>>