[Savannah-help-public] [sr #106327] stribog project: possible inconsistencies with the GPL
Follow-up Comment #4, sr #106327 (project administration): Thank you. I missed this issue. ___ Reply to this item at: http://savannah.gnu.org/support/?106327 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-help-public] [sr #106352] Please import my CVS repo with rsync
URL: http://savannah.gnu.org/support/?106352 Summary: Please import my CVS repo with rsync Project: Savannah Administration Submitted by: rrt Submitted on: Friday 25/04/08 at 19:33 Category: Developer CVS Priority: 5 - Normal Severity: 3 - Normal Status: None Assigned to: None Originator Email: [EMAIL PROTECTED] Operating System: None Open/Closed: Open Discussion Lock: Any ___ Details: Project: zile rsync URL: rsync://zile.cvs.sourceforge.net/cvsroot/zile/* ___ Reply to this item at: http://savannah.gnu.org/support/?106352 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-help-public] [sr #106304] Bug spam from logged in spammers?
Follow-up Comment #9, sr #106304 (project administration): I added a few tracers in the code and build some stats for the past day. I trace all new items and items comments. Total comments received: 1869 Posts that failed the 421 captcha and contain http://: 1808 Validated posts (login or captcha): 36 Captcha-validated (anonymous) posts: 6 = 17% Validated posts that contain http://: 6 Validated posts that contain spam: 2 (1 login + 1 captcha) Number of differents IPs: 468 Number of differents IPs for posts that failed the captcha and contain http://: 436 Max # of posts by IP: 89 Average posts by suspicious IP: 4.18 Median of the above: 1 So we're in front of a distributed comment spamming, coming from numerous origins, each generally posting only a few comments. The wide majority of the posts are sent by very primitive bots and are several orders of magnitude more numerous than legitimate posts. The rest of the spam comes from more intelligent bot, but also from bots who just registered an account (and avoid any captcha). IDS won't be much effective because of the diversity of the attack sources. I portscanned a few spamming IPs. AFAICT they were not open proxies (either completely closed, or classic GNU/Linux setup with no apparent proxy). I only checked a few IPs, so this is not a definite conclusion. The use of a graphical captcha will not stop the clever spammer, not spammers who create accounts. So this solution may not work so well. About reCaptcha in particular: while this is an interesting initiative, we don't have the source code for the server-side of this solution (only for the client plugins). One of Savannah's goal is to showcase a forge running exclusively on free software. Relying on external 3rd-party services which lack source code defeats the point. (same goes for akisnet or something) Possible solutions: I'd suggest testing URL blocklists, escalating based on the presence of external URLs, and also improving post-moderation (fix rather than reject - we'll probably never get rid of 100% spam). The trace is still running so we may get more data later on. Note that this applies to Savannah in general. Savane (and more generally forges) is not widespread. Mediawiki or DotClear installations probably get a different kind of spam, both in quality and quantity ;) Suggestions? ___ Reply to this item at: http://savannah.gnu.org/support/?106304 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-help-public] [sr #106352] Please import my CVS repo with rsync
Update of sr #106352 (project administration): Status:None = Done Assigned to:None = Beuc Open/Closed:Open = Closed ___ Follow-up Comment #1: Done :) ___ Reply to this item at: http://savannah.gnu.org/support/?106352 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-help-public] [sr #106353] Importing SF trackers
URL: http://savannah.gnu.org/support/?106353 Summary: Importing SF trackers Project: Savannah Administration Submitted by: rrt Submitted on: Friday 25/04/08 at 23:10 Category: None Priority: 5 - Normal Severity: 3 - Normal Status: None Assigned to: None Originator Email: [EMAIL PROTECTED] Operating System: None Open/Closed: Open Discussion Lock: Any ___ Details: I read a thread about this before that seemed to come to no definite conclusion. I have a pretty simple requirement: I want to import a single tracker (Feature Requests) for my project Zile, and I only want the subjects and bodies to be accurate; I don't mind about users or other metadata (essentially they are all filed by me, and I don't care about dates). Is this possible in some automated way? If not I'll just cut and paste... ___ Reply to this item at: http://savannah.gnu.org/support/?106353 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-help-public] [sr #106349] Passwordless SSH for CVS
Follow-up Comment #2, sr #106349 (project administration): Hi, I have tried using ssh-agent as you have suggested. Following instructions here, http://www.gatsby.ucl.ac.uk/~iam23/compnotes/passwordless_ssh.html I have created an codeauthorized_keys/code file. pre [eads chestnut]$ cat ~/.ssh/id_dsa.pub | grep savannah.nongnu.org ~/.ssh/authorized_keys /pre Next, I'll run ssh-agent over a bash shell and do a cvs update. It should ask me for my password, which I am guessing is normal. pre [eads chestnut]$ ssh-agent bash [eads chestnut]$ cvs update Enter passphrase for key '/home/redfox/.ssh/id_dsa': /pre Now when I try cvs updating once more, it asks me for my password again. pre [eads chestnut]$ cvs update Enter passphrase for key '/home/redfox/.ssh/id_dsa': /pre Obviously, I'm not doing something right. Please help. Thank you. Damian ___ Reply to this item at: http://savannah.gnu.org/support/?106349 ___ Message sent via/by Savannah http://savannah.gnu.org/
[Savannah-hackers-public] [gnu.org #360646] *GNU.org downtime
Sylvain -- The report from our bandwidth partner is that a fiber amplifier failed in New York state, causing the break in upstream. Their engineers had it replaced by 6:07am (eastern US). -jag [beuc - Thu Apr 24 14:37:06 2008]: Thanks :) On Thu, Apr 24, 2008 at 02:26:25PM -0400, Joshua Ginsberg via RT wrote: Hi Sylvain -- From our monitoring here at the office, we detected a loss of connectivity at the colocation facility from about 4am to about 6:15am (eastern time). I'm in contact with the upstream provider -- I'll let you know what if anything they report. Thanks, and sorry for the inconvenience. -jag [beuc - Wed Apr 23 08:53:54 2008]: Hi, gnu.org and savannah.gnu.org were not accessible this morning (~7-13h GMT). Is there something we can say to inquiring users about it? Thanks, -- Joshua Ginsberg [EMAIL PROTECTED] Free Software Foundation - Senior Systems Administrator
