2013/11/14 Kohsuke Kawaguchi <[email protected]>: > I still don't have good sense on the scope of the problem. I wonder if I > should roll them back, or should try to just fix them one by one?
I've found three major issues and a few minor ones; they all have been addressed by Oleg's patch. > On 11/12/2013 11:48 PM, Роман Каган wrote: >> AFAICS http://l10n.jenkins-ci.org/ accepts anonymous submissions so >> nothing prevents an irresponsible user from submitting whatever crap >> they like. > > We do capture the Jenkins instance ID that it came from, so once we know the > offender it is relatively easy to block it. Right, but it's quite a bit of manual work, and happens after the breakage percolated to the user installations. >> Perhaps forcing authentication (e.g. via github or jenkins' jira) in the >> translation plugin will make the contributions accountable and thus >> prevent junk submissions? > > This is a good idea. It's cheap enough to do and it makes people recognize > that we know who they are, and I think it'll act as a deterrence. Well, I don't think that's the main point. I guess people who have submitted those translations had no malicious intent. IMHO they did it just because they could, without understanding what they were doing. So authenticating against, say, jenkins' jira/confluence, will make sure that the submission is done by someone who cares enough to have signed up, and is fine with receiving mail regarding the files changed. In addition, that would allow attributing the commits in git to the actual authors, and to figure out whom to contact in case of conflicting changes. > Another idea that I had from the beginning, although it'll require more > effort, is to ask people to review other people's submissions in the same > UI. That is, when someone submits a translation in one language, we can ask > them to review a different submission from another person in the same > language and score them. In other words, we can also crowd-source reviewing. The problem with reviewing is the unclear level of commitment of the reviewer's part. > There's also a suggestion of placing a high bar on updating existing > translations as opposed to just adding it where it's missing. That would be great, but how would this be formalized? Issue a warning? Unfortunately I can't help implementing any of this as my Java skills are too poor for that. Thanks, Roman. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
