[aur-dev] cookies + suspended account

Neer Sighted neersighted at myopera.com
Wed Feb 27 23:37:15 EST 2013


On Wed, Feb 27, 2013, at 08:33 PM, Federico Cinelli wrote:
> On Wed, 27 Feb 2013 23:26:11 +0100, Alexander Rødseth <rodseth at gmail.com>
> wrote:
> > Hi,
> > 
> > 
> > 2013/2/27 Angel Velásquez <angvp at archlinux.org>:
> > > For solving the problem right now -quick and dirty-, we just have to
> > > add a validation (tsk tsk anyone who wants to sum contributions can
> > > code this silly patch), if the user is suspended don't let him flag
> > > the package and actually redirect him to the logout page (to kill
> > > those cookies).
> > 
> > Wouldn't he/she/they be able to just register more accounts and
> > continue flagging packages this way?
> > 
> > 
> > - Alexander
> So everyone knows, I've renamed this mystery person... the AUR-Bandit (in
> my mind)
> 
> Adding to what Alexander had mentioned: no matter what we do about the
> AUR-Bandit, they (referring to any future AUR-Bandits out there as an
> entity) find a way around it. If not to do something silly/annoying, like
> flag all of mine / gtmanfred's / whoever-else's AUR packages out of date,
> then just to say that they did. I don't know, maybe I just have little
> faith in people being nice.
> 
> I mean it's the way it's always been I guess.
> -First you had to just hit <enter>
> -Then you had to click a box before you hit <enter>
> -Then you had to click a box and make sure you scrolled through the
>  entire bs they wanted you to read and hit <enter>
> -Then came e-mail confirmation
> -Then captchas
> -Next you will have to do a forward roll, the macarena, turn the
>  lightswitch on/off 33 times, answer a security question that asks: "What
>  is your great-great-great Aunt's best friend's first stuffed animal
>  called?" (and no hints) /o\...
> 
> I think you see what I'm getting at.
> 
> -- 
> Federico Cinelli <cinelli.federico at gmail.com>
> Arch Linux Trusted User (cinelli)
> GnuPG Key: 0xC6C11350
> "Stay true."

I would suggest rate-limiting flaggings by IP and account, and then
flagging those accounts in the database for review.

That may be killing a fly with a shotgun, but still...

-- 
Neer Sighted, Hacker 
http://neersighted.com | neersighted at myopera.com {01DC2056}
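Added example (not code from this thread or from aurweb): one way to wire together the two mitigations discussed above, a sliding-window rate limit on "flag out of date" requests keyed by both account and source IP, with accounts that trip a limit recorded for review, and a check that ends the session of an already-suspended account instead of serving its request. The class and method names (FlagLimiter, attempt_flag), the limits, the session ids and the IP addresses are all constructed for this illustration.

```python
# Added example, not aurweb code: rate-limit package "flag out of date"
# requests per account and per source IP, record accounts that hit a
# limit for moderator review, and refuse (and drop) sessions that belong
# to suspended accounts. All names and sample values are assumptions.
from collections import defaultdict, deque


class FlagLimiter:
    def __init__(self, max_per_window=5, window_seconds=3600):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        # (kind, value) key -> deque of request timestamps in the window
        self._events = defaultdict(deque)
        self.sessions = {}         # session cookie value -> account name
        self.suspended = set()     # accounts an admin has suspended
        self.needs_review = set()  # accounts that tripped a limit

    def _recent(self, key, now):
        """Drop timestamps older than the window; return the count left."""
        q = self._events[key]
        cutoff = now - self.window_seconds
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def attempt_flag(self, session_id, ip, now):
        """Decide one flag request. Returns (allowed, reason)."""
        account = self.sessions.get(session_id)
        if account is None:
            return False, "no session"
        if account in self.suspended:
            # Invalidate the session server-side so the stale cookie is
            # useless; the web layer would then redirect to the logout page.
            del self.sessions[session_id]
            return False, "suspended"
        acct_key = ("account", account)
        ip_key = ("ip", ip)
        if self._recent(acct_key, now) >= self.max_per_window:
            self.needs_review.add(account)
            return False, "account rate limit"
        if self._recent(ip_key, now) >= self.max_per_window:
            # A freshly registered account from the same address still hits
            # the IP limit, so creating more accounts does not bypass it.
            self.needs_review.add(account)
            return False, "ip rate limit"
        self._events[acct_key].append(now)
        self._events[ip_key].append(now)
        return True, "ok"


def demo():
    """Walk through the thread's scenario with constructed sample values."""
    lim = FlagLimiter(max_per_window=3, window_seconds=60)
    lim.sessions.update({"s-alice": "alice", "s-bandit": "bandit",
                         "s-sock": "sockpuppet"})
    # Three flags in a minute are fine, the fourth is refused.
    burst = [lim.attempt_flag("s-bandit", "198.51.100.7", t)[1]
             for t in (0, 1, 2, 3)]
    # A second account from the same IP is caught by the IP limit.
    sock = lim.attempt_flag("s-sock", "198.51.100.7", 4)[1]
    # Once the window has passed, the original account may flag again.
    later = lim.attempt_flag("s-bandit", "198.51.100.7", 70)[1]
    # A suspended account is refused and its session is dropped.
    lim.suspended.add("alice")
    susp = lim.attempt_flag("s-alice", "203.0.113.5", 80)[1]
    return (burst, sock, later, susp, sorted(lim.needs_review),
            "s-alice" in lim.sessions)


if __name__ == "__main__":
    print(demo())
```

The per-IP key is what answers the "just register more accounts" objection: the sockpuppet account has no history of its own but still shares the address's budget. Accounts land in needs_review rather than being auto-suspended, which keeps a shared NAT address from locking out legitimate users without a human look.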

