[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] Sparemint Website/Build Farm



On Tue, 2006-01-31 at 04:33 +0200, Teemu Hukkanen wrote:
> Mark Duckworth <mduckworth@atari-source.com> writes:
> 
> Hi,
> 
> > I've started working on the sparemint site again since it needs much
> > more help than the SUM tool itself.  I'm adding all the nagging features
> > and changing the policies a bit.
> >
> > Anyone can create an account and upload a package without approval,
> > however established users will need to approve the package (2 other
> > users).  Yes a malicious user will be able to create multiple accounts
> > to approve their own packages, but I suspect we won't have this problem.
> > If we do, the policy can be changed.  Currently php mail() is broken on
> > my server and is locking things up a bit.  Have to fix that.
> 
> Allowing random people to upload random packages worked in 1993, now,
> it's just asking for trouble. Apart from the potential abuse with
> illegal content (ie. warez), there is the fact that people will create
> broken packages, and some of the brokenness cannot be determined unless
> the package is installed and tested.
> 

It's not random.  They will have to connect the fact that if they have
multiple accounts, they can get the job done.  I don't think we have a
whole lot of malicious users.  I wouldn't worry.  But the user
verification stuff looks to be intact so we'll be keeping it.  In order
for a new user to be allowed access, one existing and approved user
needs to approve them.  When the user uploads a package, it'll need to
be approved by two other list members (perhaps can be assigned but for
now I'll leave it so anyone can vote approval).  This will solve many
contribution issues that we have right now and no matter who is around,
will allow people who care to take control of sparemint for the better.

> > The "contact us" option will be sending an email to the mintlist to
> > which anyone can respond to the individual asking the question - if this
> > proves to be a problem we can add a simple test to prevent spambots.
> 
> Please do not create a tool for spammers, a webform is going to be
> abused as soon as it gets indexed by a search engine. It would be better
> to direct the people at the list, most mint users are already
> subscribed to it.
> 

No, it'll have basic verification.  And if the user doesn't enter a
correct email on the webform they don't deserve a response do they?  We
can always encourage them to subscribe to the list, but in the current
configuration users hit "reply to all" in their client which dupes the
original sender if subscribed, and will also hit the person who posted
the web form, even if they aren't subscribed to the mint list.  Sounds
decent to me.

> If you want people who are not subscribed to the list to use the
> webform, how do you suppose they will get the answers? You can't trust
> the e-mail addresses people provide on webforms.
> 
> > Other data could be sent to the mintlist too.  Perhaps a daily or weekly
> > build/package report.  There could be appointed testers who agree to
> > always test packages that way contributors don't hang out too long
> > waiting.
> 
> If you are going to start posting to the list automatically, please let
> me know about the posting address beforehand so that I can add it to the
> list of addresses allowed to post to the list, otherwise I will have to
> moderate all of the automatic postings.
> 
> While writing this mail three spam mails arrived to the moderation queue
> and to the list command interface. The moderation queue from the last
> three days is 63 mails, all of it is spam.

I understand the problems you face with spam, but my site won't help
bring you more.  A considerably smart thing to do might be to limit
posts to list subscribers.  The email address I'd choose for automatic
emails is noreply@sparemint.org but this can be changed as appropriate.

Incidentally I'd like input on whether you guys would like daily,
weekly, or no sparemint status at all digested to the list?  A lot of
the new data functionality will be pretty useless if it isn't shown to
anyone.  I think weekly would generate the most useful reports.

Thanks,
Mark