spam on wiki take 2...

Robert Collins robertc at robertcollins.net
Thu Sep 27 05:01:45 BST 2007


On Tue, 2007-09-25 at 09:26 -0300, Fabio Machado de Oliveira wrote:
> Robert Collins wrote:
> > Well, today I deleted 18 spams *from today*.
> > 
> > This is getting ridiculous.
> > 
> > How about locking the wiki with an ACL with the following settings:
> > 
> >  - any user of the wiki can add people to the ACL to edit the wiki
> >  - all pages that are currently 'any user can edit' become 'users in
> > this acl can edit' - and we set it as the default for new pages.
> > 
> > This will force spammers to get someone already in the wiki users group
> > to add them before they can edit pages, so after a few days where we
> > find out the existing spammers, we should be spammer free.
> > 
> > On the down side, rather than 'it's a wiki, you can contribute', we will
> > have 'it's a wiki, get any existing wiki user to authorise you by asking
> > on IRC/mailing list'. Which is a bit chilling on contribution, but
> > perhaps the nuisance value has got to this level.
> > 
> > -Rob
> 
> Perhaps a smaller step like testing if the user's e-mail is valid, having a
> confirmation to do it, and/or a captcha, would be enough for automated spam.

This is actually a bigger step; it requires a third party add-on to the
wiki to do a captcha; and there is reason to believe humans seed the
account details *anyway*.

http://bazaar-vcs.org/HelpOnAccessControlLists
has details on the acl system.

If I read it right, my proposal is equivalent to:
* create a group BazaarWikiGroup
* Add all current users to this group.
* change acl_rights_default to
acl_rights_default = u'BazaarWikiGroup:read,write,delete,revert All:read' 

I've had an additional off-list response supporting the proposal, but
suggesting that the editors group could well be limited to e.g. the pqm
committers group or some other 'core' group. Personally I think having
it open to all people who have shown human interest is better because:
 - it makes it easier to get write access
 - it's still very easy to police - we can just remove anyone that is a
spammer, and whoever added them to the group if that account is
unknown/suspect.

-Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
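
Added example, not part of the original message and not MoinMoin's own code: a simplified model of how the acl_rights_default string proposed above resolves for different accounts, and of the "any member can add people" step. It assumes first-match evaluation without +/- modifiers and that the group page carries no ACL of its own; the account names and the vouch() helper are hypothetical.

```python
# Simplified model of MoinMoin-style ACL evaluation (assumptions: entries are
# whitespace-separated "names:rights" pairs, names and rights are comma-separated,
# no +/- modifiers, and the first entry matching the user decides the outcome).

ACL_DEFAULT = "BazaarWikiGroup:read,write,delete,revert All:read"  # from the message


def matches(name, user, groups, known_users):
    """Does one ACL name (a user, a group, All or Known) cover this user?"""
    if name == "All":
        return True
    if name == "Known":
        return user in known_users
    if name in groups:
        return user in groups[name]
    return name == user


def may(user, right, acl, groups, known_users):
    """Return True if the first ACL entry matching `user` grants `right`."""
    for entry in acl.split():
        names, _, rights = entry.partition(":")
        if any(matches(n, user, groups, known_users) for n in names.split(",")):
            return right in rights.split(",")
    return False  # no entry matched: deny


def vouch(actor, newcomer, acl, groups, known_users, group="BazaarWikiGroup"):
    """Add `newcomer` to the group only if `actor` may write the group page,
    which (by assumption) has no ACL of its own and falls under the default."""
    if not may(actor, "write", acl, groups, known_users):
        return False
    groups[group].add(newcomer)
    return True


# Constructed sample data: hypothetical account names.
GROUPS = {"BazaarWikiGroup": {"ExistingEditor"}}
KNOWN = {"ExistingEditor", "FreshlyRegistered"}

if __name__ == "__main__":
    for user in ("ExistingEditor", "FreshlyRegistered", "Anonymous"):
        granted = [r for r in ("read", "write", "delete", "revert")
                   if may(user, r, ACL_DEFAULT, GROUPS, KNOWN)]
        print(f"{user:18} {granted}")
    # A registered account outside the group cannot add itself or anyone else.
    print(vouch("FreshlyRegistered", "FreshlyRegistered", ACL_DEFAULT, GROUPS, KNOWN))
    print(vouch("ExistingEditor", "FreshlyRegistered", ACL_DEFAULT, GROUPS, KNOWN))
```
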