
Re: Discussion on Salsa account creation for newcomers during on-site events



On 17792 March 1977, Jongmin Kim wrote:

> We experienced the following three blocking cases during a recent on-site
> event.
>
> As with contributors.debian.org, there could be an automatic
> account-approval process (e.g. form) available at least to DDs:
> [Claim identifiers for $UID] https://contributors.debian.org/claim/$UID/
> Such a feature would greatly improve the smooth running and timing of
> on-site events to gather new contributors.

In general there is nothing to say against a process where an existing DD could vouch for a new signup on salsa.

GitLab has an API that allows one to do so.

I can imagine a webapp where a DD can approve (or deny) requests. That's basically what we salsa admins currently do (well, mostly with a script, but that uses the GitLab API thing). Only, we do have admin rights, and we do not want to hand those to each and every DD, obviously, and as far as I can see, it is currently bound to that admin role.

So if you (or someone) comes up with a standalone webapp that we can run on some .d.o host that allows the user approval step (and writes some logs about it) for anyone who is a DD - I do think it has a good chance of getting run. It would take much pretty boring work away from us.

Basic requirements:

- Does *NOT* patch GitLab in any way. Runs externally on some web server and only uses the GitLab API, that is, is entirely independent of the actual GitLab instance.
- Does some verification that the user using it is actually a DD.
- Keeps logs of the actions.

There might be more requirements, this is just quick thinking, and it's only me speaking, not yet the rest of the team. But I'm in favor, if it's implemented with care.


For the short term until such a thing exists: Yes, it is easy to get caught in our spam filtering. We do get a LOT of crap registrations, so we have some heuristics we apply. And yes, they do catch real people. Unlike spam messages, where the body to look at and decide is much larger, we only have a combination of a name, mail address and username field. Now, tell me what you think of a user "ronnie1882", name "Ronnie Ron" and mail "ronnie1882@gmail.com"? (Entirely made up, this one, btw). Replace name with "Miles Cowper", what now? And this doesn't even take in the whole Asian part, where the actual names do not fit well into username or email and people select something seemingly random where nothing matches anything anymore.

That's why we have the "tell us", and as soon as that happens, we basically skip any check, you are in.

So maybe adjust the "We tell them to register" to a "We tell them to register AND drop a note in #salsa on OFTC" (please don't jump too much on mail. Automating a mail sending to us is way easier for spambots than talking on IRC). We do take into account what we see on IRC, so if you tell us your username there, next one of us running through the list will approve it then. (Just be patient, it's not instant approval).

(For those not believing it: We have hundreds of bogus domains that we do not even look at anymore. Entire spam crap, direct reject. Entirely made up addresses, names and usernames. So just mail approval won't do it, that's too easy to get around).

--
bye, Joerg
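
Added example, not part of the original message and not Salsa's own tooling: a sketch of the broker the basic requirements describe, where the admin token stays inside the server process, only the approve action is exposed, and every decision is logged. The `is_dd` callback, the audit file path and the transport wiring are hypothetical; it assumes the actor identity has already been authenticated by the web front end and that GitLab reports signups awaiting approval with the state `blocked_pending_approval`.

```python
import json
import re
import time
import urllib.parse
import urllib.request

USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,254}")

class Denied(Exception):
    """Request refused; the refusal is still written to the audit log."""

def http_transport(base_url, admin_token):
    """Real transport: the admin token never leaves this server process."""
    def send(method, path):
        req = urllib.request.Request(base_url + path, method=method,
                                     headers={"PRIVATE-TOKEN": admin_token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return send

class ApprovalBroker:
    def __init__(self, send, is_dd, audit_path):
        # is_dd: hypothetical callback deciding whether the authenticated actor is a DD
        self.send, self.is_dd, self.audit_path = send, is_dd, audit_path

    def _log(self, actor, target, outcome):
        # JSON encoding escapes newlines, so field values cannot forge log entries
        entry = {"ts": int(time.time()), "actor": actor, "target": target, "outcome": outcome}
        with open(self.audit_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")

    def approve(self, actor, username):
        try:
            if not self.is_dd(actor):
                raise Denied("actor is not a DD")
            if not USERNAME_RE.fullmatch(username):
                raise Denied("malformed username")
            users = self.send("GET", "/users?username=" + urllib.parse.quote(username))
            # Only pending signups may be touched; never unblock an admin-blocked account
            if len(users) != 1 or users[0].get("state") != "blocked_pending_approval":
                raise Denied("no pending signup with that username")
            self.send("POST", "/users/%d/approve" % users[0]["id"])
        except Denied as exc:
            self._log(actor, username, "denied: %s" % exc)
            raise
        self._log(actor, username, "approved")
        return users[0]["id"]
```

In production the broker would be built with `http_transport(<instance API base URL>, <admin token>)`; the `send` parameter is injectable so the authorization and logging logic can be exercised without a GitLab instance.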

