AUR web interface

Tasklist

FS#17222 - Defend AUR out-of-date notification method from spammers.

Attached to Project: AUR web interface
Opened by Laszlo Papp (djszapi) - Friday, 20 November 2009, 22:25 GMT
Last edited by Lukas Fleischer (lfleischer) - Thursday, 12 July 2012, 06:00 GMT
Task Type Feature Request
Category Backend
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Low
Priority Normal
Reported Version 1.6.0
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

I saw yesterday in case of core/extra/community packages that when I'd
like to flag a package as out-of-date, I need for a confirmation, to
fill a form. Maybe it would be a good idea for AUR/unsupported
packages too (with captcha if possible).

Maybe this thread can help:
http://mailman.archlinux.org/pipermail/aur-general/2009-October/006764.html
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Thursday, 12 July 2012, 06:00 GMT
Reason for closing:  Won't implement
Additional comments about closing:  No need for this. Reopen if this becomes a real issue.
Comment by Ionut Biru (wonder) - Friday, 20 November 2009, 22:56 GMT
spammers have to register first to flag packages out of date.
Comment by Laszlo Papp (djszapi) - Friday, 20 November 2009, 23:04 GMT
It's true, but it's not a big task :) Otherwise there was a discussion on the aur-general mailing list about a maniac (or more?) person who used out-of-date notification for his joke, IP blacklist isn't a real solution here, meanwhile I think to implement that Aaron Griffin implemented it's the best way in this situation, maybe I will deal with it in AUR2 too.
Comment by Loui Chang (louipc) - Sunday, 22 November 2009, 08:49 GMT
What idea was that? The "check this box if you are a bot" idea?
Captchas or anti-bot measures, or even email validation won't protect from disgruntled user spammers.
So, I'm thinking this is a useless measure.
Comment by Laszlo Papp (djszapi) - Sunday, 22 November 2009, 09:00 GMT
Okay, example:
http://www.archlinux.org/packages/flag/26793/

I think something similar would be useful to reduce the out-of-date spams, a lot of users complaint about it recently, and I don't have better idea than this one that Aaron implemented in the case of official repositories (core/extra/community). It won't protect from the spammers in 100%, but lesser spammers will be I think so, and it's not a bug task to implement for the sake of security/protection.
Comment by Laszlo Papp (djszapi) - Sunday, 22 November 2009, 09:08 GMT
typo -> it's not a big task to implement it for the sake of security/protection
Comment by Lukas Fleischer (lfleischer) - Friday, 21 January 2011, 15:01 GMT
  • Field changed: Task Type (Bug Report → Feature Request)
This should be a feature request.
Comment by Lukas Fleischer (lfleischer) - Wednesday, 20 April 2011, 16:06 GMT
I don't see any reason in implementing this yet. If there really is any abuse, it should be reported to aur-general, so that TUs can take action and eventually disable spammer's user accounts. Adding additional captchas here only makes sense if there's massive spamming...

Loading...