Woah, yeah, I have filed a few bugs as well as posted patches and comments. Indeed I don't seem to be able to comment anymore. Anyone want to add me (rjosal) to a role that can comment or create?
Ryan On Thursday, April 21, 2016, David Smiley <david.w.smi...@gmail.com> wrote: > Wow! My reading of this is that the general public (i.e. not committers) > won't be able to really do anything other than view JIRA issues unless we > expressly add individuals to a specific project group? :-( Clearly that > sucks big time. Is anyone reading this differently? Assuming this is > true... at this point maybe there is nothing to do but wait until the > inevitable requests come in for people to create/comment. Maybe send a > message to the user lists? > > ~ David > > ---------- Forwarded message --------- > From: Gav <gmcdon...@apache.org > <javascript:_e(%7B%7D,'cvml','gmcdon...@apache.org');>> > Date: Fri, Apr 22, 2016 at 12:14 AM > Subject: Jira Spam - And changes made as a result. > To: infrastruct...@apache.org > <javascript:_e(%7B%7D,'cvml','infrastruct...@apache.org');> > Infrastructure <infrastruct...@apache.org > <javascript:_e(%7B%7D,'cvml','infrastruct...@apache.org');>> > > > Hi All, > > Apologies for notifying you after the fact. > > Earlier today (slowing down to a halt about 1/2 hr ago due to our changes) > we had a > big Spam attack directed at the ASF Jira instance. > > Many project were affected, including :- > > TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS, > AIRFLOW, ACE, APEXCORE, RANGER and KYLIN . > > During the process we ended up banning 27 IP addresses , deleted well over > 200 tickets, and about 2 dozen user accounts. > > The spammers were creating accounts using the normal system and going > through the required captchas. > > In addition to the ban hammer and deletions and to prevent more spam > coming in, we changed the 'Default Permissions Scheme' so that anyone in > the 'jira-users' group are no longer allowed to 'Create' tickets and are no > longer allowed to 'Comment' on any tickets. > > Obviously that affects genuine users as well as the spammers, we know > that. > > Replacement auth instead of jira-users group now includes allowing those > in the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in > jira. > > Projects would you please assist in making this work - anyone that is not > in any of those roles for your project; and needs access to be able to > create issues and comment, please do add their jira id to one of the > available roles. (Let us know if you need assistance in this area) > > This is a short term solution. For the medium to long term we are working > on providing LDAP authentication for Jira and Confluence through Atlassian > Crowd (likley). > > If any projects are still being affected, please notify us as you may be > using another permissions scheme to the one altered. Notify us via INFRA > jira ticket or reply to this mail to infrastruct...@apache.org > <javascript:_e(%7B%7D,'cvml','infrastruct...@apache.org');> or join us on > hipchat (https://www.hipchat.com/gIjVtYcNy) > > Any project seriously adversely impacted by our changes please do come > talk to us and we'll see what we can work out. > > Thanks all for your patience and understanding. > > Gav... (ASF Infra) > -- > Lucene/Solr Search Committer, Consultant, Developer, Author, Speaker > LinkedIn: http://linkedin.com/in/davidwsmiley | Book: > http://www.solrenterprisesearchserver.com >
