[webkit-dev] SPAM on trac.webkit.org

Lucas Forschler lforschler at apple.com
Thu Apr 21 10:30:53 PDT 2016 

Hello everyone,

I’d like to follow up on the current wiki situation.

In the past, any authenticated trac.webkit.org user was allowed to modify or create wiki entries. However, with the recent spam infiltration, this is no longer viable. To solve this, I’ve removed WIKI_MODIFY and WIKI_CREATE permissions from the authenticated users group. This seems to have eliminated spam from making it to the wiki pages.

We currently have a ‘developer' group on trac, which contains all members with svn committer privileges.  This group has WIKI_MODIFY and WIKI_CREATE permissions. Using this mechanism means only users with svn committer privileges are now allowed to create or modify wiki entries. I am hoping this will be sufficient moving forward. I do understand that there may be folks who contribute to WebKit, but are not svn committers. If there is sufficient desire, I can investigate another level of access. 

Please let me know if you have any concerns.

thanks,
Lucas


> On Apr 18, 2016, at 3:54 AM, Lucas Forschler <lforschler at apple.com> wrote:
> 
> Hi Michael,
> 
> The problem was not specific to your account, but to all new accounts created recently.
> I believe this has been fixed. Please let me know if you have any issues. 
> 
> Lucas
> 
> 
> 
>> On Apr 18, 2016, at 1:48 AM, Lucas Forschler <lforschler at apple.com> wrote:
>> 
>> HI Michael,
>> 
>> I do see you are listed as an svn committer, but it is unclear to me how this migrates to trac’s group permissioning system.
>> I may have been wrong about all committers being in the developer group. I will need to research this mechanism a bit more.
>> Lucas
>> 
>>> On Apr 17, 2016, at 8:33 AM, Michael Catanzaro <mcatanzaro at igalia.com> wrote:
>>> 
>>> On Sun, 2016-04-17 at 06:44 -0700, Lucas Forschler wrote:
>>>> I believe the spam is coming only from users who are not identified
>>>> as developers (committers). Therefore, I’ve re-enabled WIKI_CREATE
>>>> and WIKI_MODIFY permissions to the trac ‘developer’ group. 
>>>> This will keep the wiki locked down to those with committer access,
>>>> and not be as open as we would prefer. Moving forward, we should
>>>> decide which mechanism we’d like to use to help prevent spam.
>>> 
>>> Perhaps I was never added to the developer group, as I can't edit the
>>> wiki anymore. Could you look into this Lucas?
>>> 
>>> Thanks,
>>> 
>>> Michael
>> 
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> https://lists.webkit.org/mailman/listinfo/webkit-dev
> 
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev

More information about the webkit-dev mailing list