On 01-09-2024 12:26, Levente Polyak wrote:
Sep 1, 2024 11:49:46 Morten Linderud <foxboron@archlinux.org>:
I think it's important to specify what the moderation capabilities are. Public paste services are *bound* to be abused and can distribute malicious files and illegal files. This needs to be dealt with and should probably not cause too much friction.
This is also my main concern, both in terms of users as well as putting more burden on devops to comply with official complaint requests that come in through the hosting provider.
So if we want to see something like this, I strongly recommend we put in some measures. I'd like to see a proper moderation tool, as well as a native way to report a violation, so it's easy to moderate. On top, I'd like to see this being connected to our Keycloak via OIDC as an identity provider, much like Ubuntu One does, not allowing arbitrary unauthenticated use. Massively limiting the maximum upload size to something like 1MB, or even less, would also be advised; we really shouldn't be a file hosting provider, but an Arch text paste service if at all.
It's certainly helpful and nice to have a paste service to quickly share a config, snippet, error log or similar, but I'm very concerned about the potential of misuse beyond this. I understand this all may go way beyond a simple "let's host rustypaste" idea; I don't really want to exhaust our devops team even more with such tasks, and we also had reasons to lock down our HedgeDoc to a staff-only service.
+1. For users there are plenty of pastebin alternatives; for staff we can use md.archlinux.org to share notes and pastes. Regarding abuse, see for example what 0x0.st does to detect awful NSFW content: https://git.0x0.st/mia/0x0