[aur-dev] cookies + suspended account

[Alexander Griesbaum]

On Fri, Mar 1, 2013 at 2:37 AM, canyonknight <canyonknight at gmail.com> wrote:

> On Thu, Feb 28, 2013 at 6:30 PM, Alexander Griesbaum <agrsbm at gmail.com>
> wrote:
> > On Tue, Feb 26, 2013 at 8:20 PM, Daniel Wallace <
> danielwallace at gtmanfred.com
> >> wrote:
> >
> >> Hello,
> >> I have been having to deal with some idiot who is pissed off in the aur
> >> for some reason.  He keeps marking all my packages out of date.  And
> >> somehow he is able to continually do this even after I have suspended
> >> his account.  I am not sure if this is because of the cookie still
> >> working and him still being logged in.
> >>
> >> Would it be possible to add captchas to flag packages out of date, or to
> >> make it so that suspending an account kills the cookie?
> >
> >
> >
> > Maybe I missed something...
> > I want to get back to the fact, that the user could flag packages after
> he
> > was suspended. In January, canyonknight committed a patch for this
> > specific problem[1]:
> > "A suspended user can stay in active sessions. Introduce new function
> > delete_user_sessions to remove all open sessions for a specific user.
> > Allows suspensions to take effect immediately."
>
> Yes, that patch should immediately suspend a user account. There
> hasn't been a new AUR release since that was committed, so I don't
> believe it was applied to the official AUR setup.
>

Ah you're right, didn't check that. So THIS issue will be solved with the
next
release I guess.



> Thanks for confirming that my patch works!
>

You're welcome.
--

IP banning sounds nice, but is this often needed? I don't know how many
spammers are there in a month/ a year. Perhaps it would measure up the
needs if one make flagging many packages in a very short time as hard as
possible and have the possibility to roll back user actions easily.
I don't know if this whole thing of abusing rights is a huge problem at
all, I'm
new to this.