I don't want the AUR to become a closed system where everything has to be approved by TUs or moderators. What if two users were required to mark a package out of date (next to other security measures)? Maybe an alternate way (not really a solution) is implementing (better) spam detection algorithms?

For reference, how many packages are usually marked out of date per day, and how many are genuine?

*Florian Dejonckheere*
[email protected]
http://www.floriandejonckheere.be
floriandejonckheere
sip:[email protected]

On 13 March 2013 15:36, Kwpolska <[email protected]> wrote:

> On Wed, Mar 13, 2013 at 11:33 AM, Lukas Fleischer
> <[email protected]> wrote:
> > Status quo:
> >
> > 06:54 < gtmanfred> ok, it really is time for something else
> > 06:54 < gtmanfred> the spammer is now creating a new account for
> > every comment and flag out of date
> >
> > The account suspension feature does not help here.
> >
> > Options:
> >
> > * Allow package maintainers to block the "Flag package out-of-date"
> >   feature for a certain amount of time. Note that this might eventually
> >   cripple the "out-of-date" function. Also, this does not work for
> >   comments.
>
> I suggest a flag 24–hour immunity for added/updated packages and a
> 60–minute immunity after a package gets unflagged.
>
> > * Use CAPTCHAs during account registration. We could either use MAPTCHAs
> >   ("What is 1 + 1?") or something like reCAPTCHA [1].
>
> MAPTCHAs can be solved easily by bots, reCAPTCHA itself is evil, and
> image CAPTCHAs can be solved by Indians for a dollar or two per
> thousand images.
>
> > * Moderate new accounts. Might be a lot of work. We need some TUs that
> >   review and unlock accounts. Also, it might be hard to distinguish a
> >   spam bot from a regular user. If we require a short application text,
> >   this might result in less users joining the AUR.
> >
>
> Maybe block the ability of commenting and flagging in the first 24
> hours of an user account’s existence?
>
> > * Block IP addresses. Bye-bye, Tor users!
>
> Don’t worry, http://proxy.org is here to help our lovely spammers.
>
> Also, is email verification necessary? If yes, block 10minutemail.com
> and other services of this kind. If not, make it so and see “if yes”.
>
> --
> Kwpolska <http://kwpolska.tk> | GPG KEY: 5EAAEA16
> stop html mail | always bottom-post
> http://asciiribbon.org | http://caliburn.nl/topposting.html
>
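
The time-based and quorum rules floated in this thread (24-hour hold on new accounts, 24-hour flag immunity after an add/update, 60-minute immunity after an unflag, two users required to flag) can be combined into one gate. The sketch below is an added example, not part of the original messages and not AUR code; the Account and Package classes, the function names and the sample timeline are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
# Thresholds suggested in the thread; the data model around them is assumed.
NEW_ACCOUNT_HOLD = timedelta(hours=24)    # no flagging in an account's first 24 hours
UPDATE_IMMUNITY = timedelta(hours=24)     # after a package is added or updated
UNFLAG_IMMUNITY = timedelta(minutes=60)   # after a package gets unflagged
FLAG_QUORUM = 2                           # distinct users required to mark out of date

@dataclass
class Account:
    name: str
    created: datetime

@dataclass
class Package:
    last_updated: datetime
    last_unflagged: Optional[datetime] = None
    flaggers: set = field(default_factory=set)
    out_of_date: bool = False

def try_flag(pkg: Package, user: Account, now: datetime) -> str:
    """Run the gates in order and return the decision as a string."""
    if now - user.created < NEW_ACCOUNT_HOLD:
        return "rejected: account too new"
    if now - pkg.last_updated < UPDATE_IMMUNITY:
        return "rejected: package recently updated"
    if pkg.last_unflagged and now - pkg.last_unflagged < UNFLAG_IMMUNITY:
        return "rejected: package recently unflagged"
    pkg.flaggers.add(user.name)  # a set, so one account voting twice counts once
    if len(pkg.flaggers) < FLAG_QUORUM:
        return "pending: needs another user"
    pkg.out_of_date = True
    return "flagged"

def unflag(pkg: Package, now: datetime) -> None:
    """Maintainer clears the flag; this starts the 60-minute immunity window."""
    pkg.out_of_date, pkg.last_unflagged = False, now
    pkg.flaggers.clear()

def demo() -> list:
    t0 = datetime(2013, 3, 13, 12, 0)  # constructed timeline and accounts
    pkg = Package(last_updated=t0 - timedelta(days=30))
    alice = Account("alice", t0 - timedelta(days=400))
    bob = Account("bob", t0 - timedelta(days=90))
    fresh = Account("fresh-signup", t0 - timedelta(minutes=5))
    out = [try_flag(pkg, u, t0) for u in (fresh, alice, alice, bob)]
    unflag(pkg, t0 + timedelta(minutes=10))
    return out + [try_flag(pkg, bob, t0 + timedelta(minutes=30))]
```

Calling demo() walks one package through a fresh signup, a repeated vote from the same account, a second distinct user, and a re-flag attempt inside the post-unflag window.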
