[Sugar-devel] About comments in pull requests and tickets

James Cameron quozl at laptop.org
Fri Jan 9 14:30:55 EST 2015


bugs.sugarlabs.org trac does send me mail on tickets that I reported
or have subscribed to with CC.  It doesn't send mail on a ticket if I
only comment without adding myself to CC.  I like that explicit
control, but if you need to change it feel free.

On the trac instance at dev.laptop.org we solved the spam problem:

- ensure that registration of new users were notified to me,

  (configure "Accounts: Notification Configuration", "Notification
  Actions", "Get notified of new account creation", and add my mail
  address to "Notification Recipient Addresses")

- begin deleting spam users, and then with slip of the mouse
  accidentally delete all users, apologise everywhere, and encourage
  re-registration,

  (this happened 2014-04, and the spam robots were the first back)

- ensure that users must verify their email addresses,

  (configure "Accounts: Configuration", "Verify email", "Force users
  to verify their email addresses.")

  (this reduced the robotic attack, leaving advanced multi-site e-mail
  account registering robots to continue)

- ensure that users must be authenticated (and therefore verified)
  before they can write,

  (configure "General" -> "Permissions"; "Manage Permissions and
  Groups", "anonymous" has only _VIEW actions, and "authenticated" has
  TICKET_CREATE, TICKET_EIT_CC, TICKET_MODIFY)

- change the registration page to enable a parole question,

  (this eliminated the multi-site e-mail capable robots, leaving the
  human driven attacks by people paid to do search engine optimisation
  to continue)

- change the parole question to require comprehension, research, and
  then complex thought on cost benefit analysis,

  (see http://dev.laptop.org/~quozl/z/1Y9f9B.txt for the patch, and in
  a new private window open https://dev.laptop.org/register to see
  the result)

The user list is now only the active participants, and none of the
robotic attacks

The trac instances are both on the same version now, so you can use my
configuration and patch.

-- 
James Cameron
http://quozl.linux.org.au/


More information about the Sugar-devel mailing list