Moderations for modules.apache.org

[Graham Leggett <mi...@sharp.fm>]

Hi all,

I've had a module waiting to be approved at modules.apache.org for a while, anyone know who the moderator is?

Regards,
Graham
--

Re: Moderations for modules.apache.org

[Daniel Gruno <hu...@apache.org>]

On 11/9/2015, 1:54:59 PM, Graham Leggett <mi...@sharp.fm> wrote: 
> On 09 Nov 2015, at 2:41 PM, Daniel Gruno <hu...@apache.org> wrote:
> 
> > You're welcome to try to clean it up ;)
> > make a user account on the system and give me the UID of that user (the
> > ID, not the username - there are tens of thousands of users, so I can't
> > see them all in the admin interface anymore).
> 
> :)
> 
> > I am contemplating removing all users/mods and adding some recaptcha
> > stuff to it soon, but enotime right now.
> 
> Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al instances)
> 

JIRA isn't LDAP backed, FWIW.
And no, we wanted it to be open to the larger public to submit modules, not just committers. But the rub is, we are being attacked manually by actual people sending in garbage stuff, bypassing the security checks. I'm not entirely sure how to combat this, but I do have a few ideas. They require something close to a complete wipe of the database , however.

With regards,
Daniel.

> Regards,
> Graham
> —
> 
> 
------
Sent via Pony Mail for dev@httpd.apache.org. 
View this email online at:
https://pony-poc.apache.org/list.html?dev@httpd.apache.org

Re: Moderations for modules.apache.org

[Nick Kew <ni...@apache.org>]

On Wed, 2015-11-11 at 11:27 +0000, Daniel Gruno wrote:

> Does this sound like a good idea, or complete overkill?

I have long thought we might employ an alternative scheme
akin to a "planet" aggregator.  Make the module index
an aggregator from module authors providing and
maintaining their own descriptions as DOAP files.
That way an author doesn't have to go through any
manual process or moderation to update entries,
and the admin burden is reduced.

We still have to bootstrap new authors wanting us to
aggregate their DOAP URLs.  We could fully automate it
for committers by auto-approving apache.org URLs,
leaving a much reduced space for manual moderation
and still vulnerable to spam attacks.

Then we can reduce that further by requiring oauth
as you suggest.  And once the OpenMiracl podling
has a TA up-and-running, we can deploy that to
help open a wider circle of strong trust.

Just a thought.

-- 
Nick Kew

Re: Moderations for modules.apache.org

[Daniel Gruno <hu...@apache.org>]

I'm a bit slow this morning. I'm sitting here, using Pony Mail for replying, not realizing...we should use OAuth for this! It would still require a wipe of the current DB, but if we use the ASF OAuth plus maybe Google OAuth for non-committers, we should be able to allow only _actual people_ to contribute to this. :)

Does this sound like a good idea, or complete overkill?

With regards,
Daniel.

On 11/9/2015, 1:54:59 PM, Graham Leggett <mi...@sharp.fm> wrote: 
> On 09 Nov 2015, at 2:41 PM, Daniel Gruno <hu...@apache.org> wrote:
> 
> > You're welcome to try to clean it up ;)
> > make a user account on the system and give me the UID of that user (the
> > ID, not the username - there are tens of thousands of users, so I can't
> > see them all in the admin interface anymore).
> 
> :)
> 
> > I am contemplating removing all users/mods and adding some recaptcha
> > stuff to it soon, but enotime right now.
> 
> Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al instances)
> 
> Regards,
> Graham
> —
> 
> 
------
Sent via Pony Mail for dev@httpd.apache.org. 
View this email online at:
https://pony-poc.apache.org/list.html?dev@httpd.apache.org

Re: Moderations for modules.apache.org

[Graham Leggett <mi...@sharp.fm>]

On 09 Nov 2015, at 2:41 PM, Daniel Gruno <hu...@apache.org> wrote:

> You're welcome to try to clean it up ;)
> make a user account on the system and give me the UID of that user (the
> ID, not the username - there are tens of thousands of users, so I can't
> see them all in the admin interface anymore).

:)

> I am contemplating removing all users/mods and adding some recaptcha
> stuff to it soon, but enotime right now.

Is there a way to leverage LDAP at all? (Or whatever backs the JIRA et al instances)

Regards,
Graham
—

Re: Moderations for modules.apache.org

[Daniel Gruno <hu...@apache.org>]

On 11/09/2015 01:25 PM, Graham Leggett wrote:
> On 06 Nov 2015, at 6:55 PM, Daniel Gruno <hu...@apache.org> wrote:
> 
>> I'm sorry to say modules.apache.org is so bot/spam infested now, that
>> it's impossible to moderate it unless I spend more than an hour every
>> day going through all the fake modules and users added on a daily basis.
>>
>> I am contemplating scrapping it entirely, or possibly creating a new
>> system at some point, with stronger anti-spam measures.
> 
> Need a hand with moderation?
> 
> Having what looks to be the formal module search engine being frozen in time is a problem for us, it makes us look stale when we aren’t.
> 
> Regards,
> Graham
> —
> 
You're welcome to try to clean it up ;)
make a user account on the system and give me the UID of that user (the
ID, not the username - there are tens of thousands of users, so I can't
see them all in the admin interface anymore).

I am contemplating removing all users/mods and adding some recaptcha
stuff to it soon, but enotime right now.

With regards,
Daniel.

Re: Moderations for modules.apache.org

[Graham Leggett <mi...@sharp.fm>]

On 06 Nov 2015, at 6:55 PM, Daniel Gruno <hu...@apache.org> wrote:

> I'm sorry to say modules.apache.org is so bot/spam infested now, that
> it's impossible to moderate it unless I spend more than an hour every
> day going through all the fake modules and users added on a daily basis.
> 
> I am contemplating scrapping it entirely, or possibly creating a new
> system at some point, with stronger anti-spam measures.

Need a hand with moderation?

Having what looks to be the formal module search engine being frozen in time is a problem for us, it makes us look stale when we aren’t.

Regards,
Graham
—

Re: Moderations for modules.apache.org

[Daniel Gruno <hu...@apache.org>]

On 11/06/2015 05:53 PM, Graham Leggett wrote:
> Hi all,
> 
> I've had a module waiting to be approved at modules.apache.org for a while, anyone know who the moderator is?
> 
> Regards,
> Graham
> --
> 
Hi Graham,
I'm sorry to say modules.apache.org is so bot/spam infested now, that
it's impossible to moderate it unless I spend more than an hour every
day going through all the fake modules and users added on a daily basis.

I am contemplating scrapping it entirely, or possibly creating a new
system at some point, with stronger anti-spam measures.

with regards,
Daniel.