[aur-dev] cookies + suspended account

Jelle van der Waa jelle at vdwaa.nl
Fri Mar 1 09:53:36 EST 2013 

On 01/03/13 09:40, Alexander Griesbaum wrote:
> On Fri, Mar 1, 2013 at 2:37 AM, canyonknight <canyonknight at gmail.com> wrote:
> 
>> On Thu, Feb 28, 2013 at 6:30 PM, Alexander Griesbaum <agrsbm at gmail.com>
>> wrote:
>>> On Tue, Feb 26, 2013 at 8:20 PM, Daniel Wallace <
>> danielwallace at gtmanfred.com
>>>> wrote:
>>>
>>>> Hello,
>>>> I have been having to deal with some idiot who is pissed off in the aur
>>>> for some reason.  He keeps marking all my packages out of date.  And
>>>> somehow he is able to continually do this even after I have suspended
>>>> his account.  I am not sure if this is because of the cookie still
>>>> working and him still being logged in.
>>>>
>>>> Would it be possible to add captchas to flag packages out of date, or to
>>>> make it so that suspending an account kills the cookie?
>>>
>>>
>>>
>>> Maybe I missed something...
>>> I want to get back to the fact, that the user could flag packages after
>> he
>>> was suspended. In January, canyonknight committed a patch for this
>>> specific problem[1]:
>>> "A suspended user can stay in active sessions. Introduce new function
>>> delete_user_sessions to remove all open sessions for a specific user.
>>> Allows suspensions to take effect immediately."
>>
>> Yes, that patch should immediately suspend a user account. There
>> hasn't been a new AUR release since that was committed, so I don't
>> believe it was applied to the official AUR setup.
>>
> 
> Ah you're right, didn't check that. So THIS issue will be solved with the
> next
> release I guess.
> 
> 
> 
>> Thanks for confirming that my patch works!
>>
> 
> You're welcome.
> --
> 
> IP banning sounds nice, but is this often needed? I don't know how many
> spammers are there in a month/ a year. Perhaps it would measure up the
> needs if one make flagging many packages in a very short time as hard as
> possible and have the possibility to roll back user actions easily.
> I don't know if this whole thing of abusing rights is a huge problem at
> all, I'm
> new to this.
> 
IP banning won't work with TOR.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/aur-dev/attachments/20130301/fd9dc7e5/attachment-0001.asc>

More information about the aur-dev mailing list