[GRASS-dev] spam in bug tracker

Hamish hamish_nospam at yahoo.com
Wed Sep 27 11:33:57 EDT 2006 

Markus Neteler wrote:
> On Thu, Sep 28, 2006 at 12:04:10AM +1200, Hamish wrote:
> > Maciej Sieczka wrote:
> > > Eric has found that spam is being added to existing BT tickets.
> > > 
> > > See eg. at the bottom of
> > > http://intevation.de/rt/webrt?serial_num=1107
> > > http://intevation.de/rt/webrt?serial_num=2904
> > > 
> > > Is there anything we can do about it?
> > 
> > 
> > Besides calling on friends in low places?
> > 
> > After a period of cursing, create a new bug, copy over relevant
> > content, close the old bug, and hope it doesn't happen again. If
> > Intevation can track down the offending IP range and has the energy,
> > blacklist the bastards (mostly as a feel-good measure for us).
> > 
> > or maybe Intevation can edit the bug's record by hand? (again,
> > wasted energy better used for something else)
> 
> [...]
> 
> Probably the migration to a new bugtracker solves the problem
> (see recent mail from Jan).

Michael Tiemann wrote:
> I, too, hate having so many accounts around the web that I cannot keep
> track of them all.  It's one reason why I hate pay-for wireless
> internet as a travel around the world--too many places where I must
> sprinkle my identity just to get a network connection.
> 
> I saw an excellent presentation at EuroOSCON about OpenID
> ( http://openid.net/ ) that is trying to crack the problem of
> Web-based single sign-on.  There are an increasing number of sites
> that do accept OpenID credentials, and I believe that it would be
> logical, at this point, to try to circle all of the bugzilla wagons
> (Fedora, Red Hat, GRASS, GNOME, gforge, etc) so that a single
> credential can be used by all.  Would single sign-on address your
> problem Hamish?


I don't think either approach would help. This was done by human hand
remember. As seen on the wiki, spammers are willing to create an account
by hand to add their links. So nice new bugtracker software or universal
account doesn't change a thing. argh!

This got so bad on the GpsDrive wiki that we had to designate sysops to
moderate the creating of accounts. In the past months I've only been
asked to create one new account, and then the wiki software wouldn't
deal with sending a password to a 3rd party (ie the new user). This has
all but killed any momentum in the wiki. argh! 
"last modification by .." at the bottom of each wiki page and
anti-automation devices on the new account page help.

Another issue is by copying over the content of a bug & "resolving" the
old one, the spam is still searchable. We need to be sure to "kill"
the spam content so it is out of reach of the google-bots, otherwise
the spammers have still succeeded in using our google-cred & will
continue to spam us. argh!

I saw Mark Shuttleworth give a good talk on this some months ago at
LinuxConf.au. His main point was barriers to contibutions must stay
low, or you get an exponential drop off in casual developer help.
No solution, but it highlights how much this crap hurts Free software.
I don't really check my spam-box anymore for false-positives. Who knows
what I've missed?


Hamish

More information about the grass-dev mailing list