incubator-bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary <gary.mar...@wandisco.com>
Subject Re: Suspicious ticket raised
Date Fri, 11 May 2012 11:49:15 GMT
On 05/11/2012 09:48 AM, Greg Stein wrote:
> On Fri, May 4, 2012 at 4:58 AM, Gary<gary.martin@wandisco.com>  wrote:
>> Hi
>>
>> Sorry to seem so suspicious but I guess everyone would be surprised if this
>> turned out to be a genuine ticket. I am going to assume that it is
>> malicious. Unless anyone can provide me with a good reason to do otherwise,
>> I will close the account and find a way of dealing with the ticket. Until
>> then I suggest that nobody visits the link in the ticket.
>>
>> I realise that this is, so far, an isolated case at this point but we should
>> probably consider an appropriate procedure for dealing with these
>> situations, unless there is already a policy given by the ASF.
> There's no special policy. This was obviously spam... you're right in
> just closing the thing. "Closing as invalid."
>
> (theoretically, somebody trying to open a valid ticket would re-open)
>
> Cheers,
> -g

Good to know, thanks.

We got a couple of spam events this morning too, this time in the wiki. 
To deal with this, I have temporarily reduced the permissions for the 
general authenticated group of users and added all accounts to an 
additional group that provides the edit and create permissions.

I am not advocating at this point that this should become our default 
policy and, unless this is actually seen as a better policy, I expect to 
return edit and create permissions to all authenticated users in the 
near future. One consequence of leaving the permissions in this state is 
that a new registration will also need to ask for the edit permissions 
to be added to their account.

Cheers,
     Gary

Mime
View raw message