[opensuse-project] huge amount of SPAM on opensuse-connect
Hello dear fellow opensuse-enthusiasts! I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project. Who is in charge of it? I think we should deal with it. cheers Alex -- ** Jabber thalunil@kallisti.at **
AFAIK Connect was declared soon to be dead some time ago.
Perhaps the way to deal with the spam is to pull the plug ASAP?
On 2/20/19, Alex Christoph Bihlmaier
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex -- ** Jabber thalunil@kallisti.at **
-- Maurizio Galli (MauG) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 20/02/2019 10.48, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
I don't see spam there, the page has not been hacked as far as I can see. https://connect.opensuse.org/ Besides that, I don't know if the site is working or maintained. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Hi Carlos, On 2/20/19 2:13 PM, Carlos E. R. wrote:
I don't see spam there, the page has not been hacked as far as I can see.
I think Alex was referring to the following type of content when he mentioned "spam": https://connect.opensuse.org/pg/groups/68150/startup-ideas-with-low-investme... You'll find many like such. Regards, Ish Sookun -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
AFAIK Connect was declared soon to be dead some time ago.
Best,
Maurizio Galli (MauG)
On 2/20/19, Alex Christoph Bihlmaier
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex -- ** Jabber thalunil@kallisti.at **
-- Maurizio Galli (MauG) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 20/02/2019 11.19, Ish Sookun wrote:
Hi Carlos,
On 2/20/19 2:13 PM, Carlos E. R. wrote:
I don't see spam there, the page has not been hacked as far as I can see.
I think Alex was referring to the following type of content when he mentioned "spam":
https://connect.opensuse.org/pg/groups/68150/startup-ideas-with-low-investme...
You'll find many like such.
I never go there, didn't even know it existed. :-o I think then that the entire thing should be killed, as it is not maintained. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job. It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch: The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect. A replacement setup needs to be created, not on Connect, and without the Social Media notion. It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so. Until someone steps up to take on that task, we are stuck with it the way it is. -- -Gerry Makaro openSUSE Board Elections Committee (election-officials **at** openSUSE.org) openSUSE Member openSUSE Global Moderator openSUSE Contributor YaST Contributor aka Fraser_Bell on the Forums, OBS, IRC, and mail at openSUSE.org Fraser-Bell on Github -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 20/02/2019 22.47, Fraser_Bell wrote:
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job.
It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch:
The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect.
A replacement setup needs to be created, not on Connect, and without the Social Media notion.
It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so.
Until someone steps up to take on that task, we are stuck with it the way it is.
Can the posting be blocked? -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 21/02/2019 08:17, Fraser_Bell wrote:
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job.
It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch:
The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect.
A replacement setup needs to be created, not on Connect, and without the Social Media notion.
It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so.
Until someone steps up to take on that task, we are stuck with it the way it is.
If someone wants to work on this it really wouldn't be hard, the last board discussed it in our face 2 face then I guess ran out of time to do something. Given our new membership rules require much less checking, the new process could be as simple as a mailing list where people request membership stating why they should have it, then a member of the membership committee could approve the request presuming it meets the requirements and add there handle, email, preferred 0.0 email address and irc cloak to a google docs spreadsheet then a member of the hero's could be contacted to setup the mail forwarder and irc cloak. Only the Membership committee and Board would have access to the spreadsheet. Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Thu, 21 Feb 2019 at 09:35, Maurizio Galli (MauG)
AFAIK Connect was declared soon to be dead some time ago.
Perhaps the way to deal with the spam is to pull the plug ASAP?
Pull the plug without a replacement for the Membership and the Membership application process and we'll be on course for not electing a new Board and having a constitutional crisis in the future https://en.opensuse.org/openSUSE:Membership_officials#Process describes the current process and the requirements for such a replacement.
On 2/20/19, Alex Christoph Bihlmaier
wrote: Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex -- ** Jabber thalunil@kallisti.at **
-- Maurizio Galli (MauG) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 21/02/2019 09:34, Simon Lees wrote:
On 21/02/2019 08:17, Fraser_Bell wrote:
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job.
It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch:
The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect.
A replacement setup needs to be created, not on Connect, and without the Social Media notion.
It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so.
Until someone steps up to take on that task, we are stuck with it the way it is.
If someone wants to work on this it really wouldn't be hard, the last board discussed it in our face 2 face then I guess ran out of time to do something.
Given our new membership rules require much less checking, the new process could be as simple as a mailing list where people request membership stating why they should have it, then a member of the membership committee could approve the request presuming it meets the requirements and add there handle, email, preferred 0.0 email address and irc cloak to a google docs spreadsheet then a member of the hero's could be contacted to setup the mail forwarder and irc cloak. Only the Membership committee and Board would have access to the spreadsheet.
Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it.
You can do that with a nextcloud instance. So the question would be if someone wants to set that up and maintain it... Or you create an internal email list for board + heroes where you post such requests. Regards, Matthias -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Thu, 21 Feb 2019 at 10:02, Matthias Brugger
Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it.
You can do that with a nextcloud instance. So the question would be if someone wants to set that up and maintain it...
Or you create an internal email list for board + heroes where you post such requests.
The Board absolutely do not have anything to do with approving Memberships - that would be a rather large conflict of interest, selecting who would be empowered to vote for them ;) That's why we have a Membership Committee - https://en.opensuse.org/openSUSE:Membership_officials#Process -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Hi Sorry for the long Email below, but the topic is triggering something in me that I can not hold any longer. Before you proceed reading, please note that I am speaking here as openSUSE member, not more, not less. I also don't want to attack anyone personally, just want to make clear where I see problems from my personal point of view. On Thu, 21 Feb 2019 09:39:11 +0100 Richard Brown wrote:
On Thu, 21 Feb 2019 at 09:35, Maurizio Galli (MauG)
wrote: AFAIK Connect was declared soon to be dead some time ago.
Perhaps the way to deal with the spam is to pull the plug ASAP?
Pull the plug without a replacement for the Membership and the Membership application process and we'll be on course for not electing a new Board and having a constitutional crisis in the future
https://en.opensuse.org/openSUSE:Membership_officials#Process describes the current process and the requirements for such a replacement.
Getting a replacement should not be that hard. I could imagine anything from a Next-/Owncloud instance (with nice, additional features) over to something designed especially for membership management tasks like https://www.admidio.org/ for example. But I see another, real problem: the amount of people willing to administrate and maintain all the infrastructure behind openSUSE is meanwhile down to less than a handful of people - and those need to be real super heroes as meanwhile they do not only need to administrate the "backend stuff" (means: operating systems, storage & network stuff) but ALSO all the running applications. I don't know how they manage all this in their spare time, but they have my deepest respect and I wish there would be more volunteers. If you want to get an idea about the current status, just take the systems listed at https://status.opensuse.org/ (and keep in mind that there are many more systems in the backend that are not listed there): * download.o.o -> maintained by one person, if I'm right * planet.o.o -> more or less unmaintained - old, outdated software * etherpad.o.o -> running outdated version, unmaintained * icc.o.o -> down since weeks now, and nobody cares * lizards.o.o -> 4.7.5 vs. 5.0.3 including security problems (please correct me here, if I'm wrong) * news.o.o -> at least the current version, but updates are happening only on special request * features.o.o -> luckily to be shut down soon * progress.o.o -> old, outdated * connect.o.o -> old, outdated - topic of this thread ... To me it looks like more or less everything which is currently not in scope for SUSE employees is unmaintained. Please note: this should not be an attack to anyone - especially not to the openSUSE heroes, who do their best to keep the systems up and running - but the openSUSE community should IMHO decide sooner than later IF and HOW these systems should be handled in the future. Most of the web-applications listed above started because of enthusiastic community members who invested a lot of their spare time into this. They learned a lot and others found their work useful - everybody had a lot of fun during these days. But live goes on, and people start having other interests and went away. Others still find the systems useful and want to use them - they became legacy. From my point of view, openSUSE as community is very bad in managing those legacy systems. While for some of them (like crashdb.o.o) the right approach was taken and the systems were shut down, others are still there and need someone who takes care. We have an infrastructure policy [1] that says: "All running servers will be evaluated every 6 month to determined continued need for the services provided. If a service is deemed outdated or the server hosts content that may no longer be needed the maintainer on record will be contacted to provide additional details. If no response is received within a 2 week period the server will be shut down." So either we - as community - decide to delete this sentence completely (as we do not want to follow the policy), or we allow our openSUSE heroes to follow the policy and shut down the services listed above. Sounds simple and consequent, right? If there is a need, requested from whomever (and from my personal history I know the board resp. the membership committee is asking again and again to keep connect.o.o alive), this person/group either has to invest the time and resources to keep the service in question up-to date, secure and alive or had to agree that they need to search for something else and find someone who takes over the administration. I personally left the openSUSE heroes for many reasons. But one reason clearly was that I did not want to take over the responsibility for services that I did not set up/developed or have any interest in. Many users seem to anticipate that "keeping a service up and running" is very easy. I say: no, it isn't. Keeping a service not only available but secure and adjusted to changes (like PHP5 -> PHP7 or Ruby 2.3 -> 2.5 as example) needs time and knowledge. Of course, you could re-install it or re-deploying your docker image every time it has been hacked, but my personal demands are way higher than that. So: saying that we need to keep old, outdated, already spammed services up and running "because our users - or better, a small group of users - want or need them" -- fully inheriting the risk of security and data breaches (how many people have their personal data stored in connect?) is not the way I can support. Not the way I can accept. Not the way I want to see openSUSE running and handling the personal data of the own community. I already took the consequences and stepped back from the openSUSE heroes. Looks like I need to step back as openSUSE member as well, as this is really nothing I want to be involved with. openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone. Just my 2 cents, Lars -- [1]: https://en.opensuse.org/openSUSE:Infrastructure_policy -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 21/02/2019 09.34, Simon Lees wrote:
On 21/02/2019 08:17, Fraser_Bell wrote:
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job.
It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch:
The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect.
A replacement setup needs to be created, not on Connect, and without the Social Media notion.
It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so.
Until someone steps up to take on that task, we are stuck with it the way it is.
If someone wants to work on this it really wouldn't be hard, the last board discussed it in our face 2 face then I guess ran out of time to do something.
Given our new membership rules require much less checking, the new process could be as simple as a mailing list where people request membership stating why they should have it, then a member of the membership committee could approve the request presuming it meets the requirements and add there handle, email, preferred 0.0 email address and irc cloak to a google docs spreadsheet then a member of the hero's could be contacted to setup the mail forwarder and irc cloak. Only the Membership committee and Board would have access to the spreadsheet.
Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it.
I understand that is what is needed for the new thing. But what is needed to clear the spam on opensuse-connect, which is the current thread subject? If I were to volunteer for that, what would I need to do? It seems to me that it is another forum. I know nothing of maintaining a forum in order to reduce spam, so all I can think of is manually deleting posts and killing those posters, but if they keep coming I have no idea how to block them. If the things to do involve maintaining that software, I know nothing about that software. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On Thu, 21 Feb 2019 at 11:01, Lars Vogdt
openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
I wholeheartedly agree, which is why the recent changes to the process and requirements for new "tooling" written as loosely as they were. (pen and paper is a "tool") We took great care to make sure the door is wide open for innovative solutions to the problem. But, the problem should not be exacerbated by the actions of other contributors. That's simple good behaviour under our Guiding Principles. To give an equivalent example. Badly maintained package gets removed from our distributions. In these cases, the maintainer is expected to drive forward the situation, meaning the maintainer is expected to announce the intention of removing the package, the maintainer is expected to drive the mitigation of the removal of the package. That might mean talking to others and encouraging them to take on the problem, that might mean posting general calls for help on the mailinglists. I think those expectations carry out to situations like this just as well. Like a key package in our distributions, connect.o.o provides a key service upon which the entire governance structure of this Project is built upon. If people in the community want to shut connect.o.o down, the idea should be entertained, but the people wishing that need to drive the solution. I think there is no suggestion that such an idea isn't justified. But despite the justification, the implications need to be considered also (like those I've stated in this thread) Those wishing to shut down connect.o.o need to propose and be prepared to implement a replacement that mitigates those implications, be those technical, pen or paper, or pidgeon based. As we're talking about changes to the Governance structure, any such changes need to be done with the consent of the project as a whole. Our rules would require such constitutional changes to either be executed after a Membership Vote on any proposals, or we do have provision in the rules for the Board to decide on such topics if they have a 2/3rd majority. We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members. Quite often, when other topics with a Project-wide impact but no clear owner, such things end up on the Board's desk, as the escalation point of last resort. But we're talking about the very process which selects who can vote for the Board. I think that provides an ethical conflict of interest that should disqualify the Board from having a leading role in driving a solution to this problem. The Board shouldn't be in a position to define the pool which can vote for it. That undermines the whole concept of the Board being answerable to the Membership. This is why the Board's changes to the Membership process to date were a compromise - we reworded things to make alternative processes to connect.o.o a possibility, but it would be egregious if the Board redefined the process in a material way that impacted the Membership significantly without the consent of the Project as a whole. The Membership is meant to be a body representative of the project as a whole, therefore I feel this problem is something best handled by the Project as a whole, so this is a good discussion to have right here. This isn't the first time I've asked this question on a public stage, but in the hope that this time I get an answer; Who volunteers to tackle the problem with connect.o.o and drive forward a solution? -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 21/02/2019 19:32, Matthias Brugger wrote:
On 21/02/2019 09:34, Simon Lees wrote:
On 21/02/2019 08:17, Fraser_Bell wrote:
On 2/20/19 1:48 AM, Alex Christoph Bihlmaier wrote:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
Who is in charge of it? I think we should deal with it.
cheers Alex
Nobody is willing to take charge of it: Short answer, complaints are made -- especially on the mailing lists -- but nobody will step up to do the job.
It has long been known that the openSUSE Board and other overworked Contributors have agreed that Connect should be closed, but there is a catch:
The only system for managing the openSUSE Membership and the list of openSUSE Members is Connect.
A replacement setup needs to be created, not on Connect, and without the Social Media notion.
It will require a secure database of the Members, so it can be checked for who qualifies for voting privileges, for example, plus a way for Contributors to apply for Membership, and a way for those who are permitted to check Memberships to be able to do so.
Until someone steps up to take on that task, we are stuck with it the way it is.
If someone wants to work on this it really wouldn't be hard, the last board discussed it in our face 2 face then I guess ran out of time to do something.
Given our new membership rules require much less checking, the new process could be as simple as a mailing list where people request membership stating why they should have it, then a member of the membership committee could approve the request presuming it meets the requirements and add there handle, email, preferred 0.0 email address and irc cloak to a google docs spreadsheet then a member of the hero's could be contacted to setup the mail forwarder and irc cloak. Only the Membership committee and Board would have access to the spreadsheet.
Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it.
You can do that with a nextcloud instance. So the question would be if someone wants to set that up and maintain it...
Well possibly a bigger question is does the openSUSE project have any hardware capable of / accessible to the hero's to install such an instance.
Or you create an internal email list for board + heroes where you post such requests.
The problem is storing the data, in a controlled way but having a mailing list for the request part is easy. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Hi, I fully agree with everything but:
But we're talking about the very process which selects who can vote for the Board.
Really? Of course it's a technical step of the whole process. But registering somewhere else instead of connect.o.o doesn't interfere with the process of joining openSUSE in any way. I mean, even just sending some links to contributions via email to the Membership Committee would give the same final result. Or am I getting something totally wrong there?
Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
As another aspect and to emphasise Lars' writings here I'm just throwing in the GDPR here. Anyone wanting to face the music for the stored data on such insecure systems? Especiall *personal* data? This whole topic is not only about work that needs to be done but also about responsible acting as a community. Regards, vinz. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Hey, Le jeudi 21 février 2019, à 11:41 +0100, Richard Brown a écrit :
On Thu, 21 Feb 2019 at 11:01, Lars Vogdt
wrote: openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
I wholeheartedly agree, which is why the recent changes to the process and requirements for new "tooling" written as loosely as they were. (pen and paper is a "tool") We took great care to make sure the door is wide open for innovative solutions to the problem. But, the problem should not be exacerbated by the actions of other contributors. That's simple good behaviour under our Guiding Principles. To give an equivalent example.
Badly maintained package gets removed from our distributions. In these cases, the maintainer is expected to drive forward the situation, meaning the maintainer is expected to announce the intention of removing the package, the maintainer is expected to drive the mitigation of the removal of the package.
That might mean talking to others and encouraging them to take on the problem, that might mean posting general calls for help on the mailinglists.
I think those expectations carry out to situations like this just as well.
Like a key package in our distributions, connect.o.o provides a key service upon which the entire governance structure of this Project is built upon.
You're describing the graceful way of retiring a package / service. But when the graceful way has been failing for years (which is the case here), I think it's fair to just retire the thing and deal with the consequences in a reactive way. [...]
As we're talking about changes to the Governance structure, any such changes need to be done with the consent of the project as a whole. [...]
This is not a change to the governance structure; it's a change in where and how information is stored. The governance structure would not be impacted by this -- or if it would, can you elaborate how? [...]
We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members.
If the relevant info is exported, why would we not have any project members anymore?
Quite often, when other topics with a Project-wide impact but no clear owner, such things end up on the Board's desk, as the escalation point of last resort. But we're talking about the very process which selects who can vote for the Board.
No. We're not talking about the criteria that are used to evaluate if somebody should be a member or not. We're talking about a tool that is used to facilitate the work of the membership officials. And honestly, if we're concerned by a conflict of interest, the first thing to change would be this: "Membership officials are appointed by the openSUSE Board." [...]
This isn't the first time I've asked this question on a public stage, but in the hope that this time I get an answer; Who volunteers to tackle the problem with connect.o.o and drive forward a solution?
I would give this request a deadline of a week or two max, and then simply export the data and shut down connect.o.o. Yes, it'll be painful for the membership officials (and I'm sorry for this, as playing that role is already something that doesn't bring much recognition). But I trust the membership officials would find a way to deal with this. Cheers, Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 2/21/19 2:23 PM, Vincent Untz wrote:
This isn't the first time I've asked this question on a public stage, but in the hope that this time I get an answer; Who volunteers to tackle the problem with connect.o.o and drive forward a solution?
I would give this request a deadline of a week or two max, and then simply export the data and shut down connect.o.o.
Just a technical side note. The Travel Support Program application would need to be tweaked to stop getting some profile information from connect.o.o and start asking for that information directly (it's just a configuration value). https://connect.opensuse.org/travel-support On the other hand, it actually lives in the same server right now. Just take that into account if "shut down connect.o.o" means shutting down the server itself. In short, connect.o.o and TSP app are independent applications, but are hosted together and occasionally talk to each other (although that's optional). Just take that into account. Cheers. -- Ancor González Sosa YaST Team at SUSE Linux GmbH -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 21/02/2019 à 14:23, Vincent Untz a écrit :
I would give this request a deadline of a week or two max, and then simply export the data and shut down connect.o.o.
I support this, also because we just have a new board, so we have time to solve the problem before next ballot jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Thu, 21 Feb 2019 11:41:19 +0100 Richard Brown wrote:
We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members.
I completely disagree with you here. The world will not fall apart if OBS would not be there any longer. Think about other distributions who are able to release without OBS. openSUSE might be delayed and things might need some manual work, but releasing a distribution is not depending on a single tool. As such, maintaining 447 [1] openSUSE members should not depend on a single tool. Especially not if the used tool has open, well known security issues since years[2].
This isn't the first time I've asked this question on a public stage, but in the hope that this time I get an answer; Who volunteers to tackle the problem with connect.o.o and drive forward a solution?
I made my proposal already and I stand the point: shut down an insecure system! With connect.o.o still online, there is no real need to think about any alternative, as people always come up and say: "Hey, yes, we might need to discuss this somewhere in the future. But for now, let's use what we have". The discussion to shut down connect.o.o is now more than a year old (at least from what I found in public documents[3]). With the openSUSE board and especially the openSUSE Chairman telling the administrators over and over again that openSUSE will die if connect.o.o is down, I see no way out of this situation. Lars -- [1]: visible to logged in users here: https://connect.opensuse.org/pg/groups/111/opensuse-members/ [2]: ELGG version used, according to the headers: 1.7.10 https://www.cvedetails.com/vulnerability-list/vendor_id-11507/product_id-211... ^ note that this is the result of a 3 seconds google search and not a real audit. [3]: https://en.opensuse.org/openSUSE:Heroes/Meetings/20180303_Summary -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 21/02/2019 à 15:32, Lars Vogdt a écrit :
As such, maintaining 447 [1] openSUSE members should not depend on a single tool. Especially not if the used tool has open, well known security issues since years[2].
use "galette"? free membership management :-) jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 21/02/2019 à 15:37, jdd@dodin.org a écrit :
Le 21/02/2019 à 15:32, Lars Vogdt a écrit :
As such, maintaining 447 [1] openSUSE members should not depend on a single tool. Especially not if the used tool has open, well known security issues since years[2].
use "galette"?
free membership management :-)
jdd
sorry, forgot the link http://galette.eu/dc/?navlang=en jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On czw, lut 21, 2019 at 11:01 AM, Lars Vogdt
Hi
Sorry for the long Email below, but the topic is triggering something in me that I can not hold any longer. Before you proceed reading, please note that I am speaking here as openSUSE member, not more, not less. I also don't want to attack anyone personally, just want to make clear where I see problems from my personal point of view.
On Thu, 21 Feb 2019 09:39:11 +0100 Richard Brown wrote:
On Thu, 21 Feb 2019 at 09:35, Maurizio Galli (MauG)
wrote: AFAIK Connect was declared soon to be dead some time ago.
Perhaps the way to deal with the spam is to pull the plug ASAP?
Pull the plug without a replacement for the Membership and the Membership application process and we'll be on course for not electing a new Board and having a constitutional crisis in the future
https://en.opensuse.org/openSUSE:Membership_officials#Process describes the current process and the requirements for such a replacement.
Getting a replacement should not be that hard. I could imagine anything from a Next-/Owncloud instance (with nice, additional features) over to something designed especially for membership management tasks like https://www.admidio.org/ for example.
But I see another, real problem: the amount of people willing to administrate and maintain all the infrastructure behind openSUSE is meanwhile down to less than a handful of people - and those need to be real super heroes as meanwhile they do not only need to administrate the "backend stuff" (means: operating systems, storage & network stuff) but ALSO all the running applications. I don't know how they manage all this in their spare time, but they have my deepest respect and I wish there would be more volunteers.
If you want to get an idea about the current status, just take the systems listed at https://status.opensuse.org/ (and keep in mind that there are many more systems in the backend that are not listed there):
* download.o.o -> maintained by one person, if I'm right * planet.o.o -> more or less unmaintained - old, outdated software
There is an issue of upstream, it seems that there is no good upstream planet software, I have been working between the breaks on something that would work for us, but gave up after being tired of how annoyingly unsupported planet software seems to be. Also it's realistically a static website + CRON, and all reports of spam before on it were handled well by the admins.
* etherpad.o.o -> running outdated version, unmaintained
I might reuse the instance with matrix, considering riot has etherpad integration :thinking: (heroes, take me, I can fix this :x)
* icc.o.o -> down since weeks now, and nobody cares * lizards.o.o -> 4.7.5 vs. 5.0.3 including security problems (please correct me here, if I'm wrong)
Also dead, the only posters are YaST team, which should move to their own yast.opensuse.org, when I get to creating a jekyll theme for posts and stuff needed to migrate. I will create a ticket to provo to export database later today.
* news.o.o -> at least the current version, but updates are happening only on special request
Funny you should mention that, I requested database export from provo, no response this far (please provo, it's not this hard)
* features.o.o -> luckily to be shut down soon * progress.o.o -> old, outdated
And actively used ;)
* connect.o.o -> old, outdated - topic of this thread ...
To me it looks like more or less everything which is currently not in scope for SUSE employees is unmaintained.
Please note: this should not be an attack to anyone - especially not to the openSUSE heroes, who do their best to keep the systems up and running - but the openSUSE community should IMHO decide sooner than later IF and HOW these systems should be handled in the future.
Most of the web-applications listed above started because of enthusiastic community members who invested a lot of their spare time into this. They learned a lot and others found their work useful - everybody had a lot of fun during these days. But live goes on, and people start having other interests and went away. Others still find the systems useful and want to use them - they became legacy.
From my point of view, openSUSE as community is very bad in managing those legacy systems. While for some of them (like crashdb.o.o) the right approach was taken and the systems were shut down, others are still there and need someone who takes care.
Because it is not clear who is responsible for them, this is one critisizm I would commit towards heroes here :P
We have an infrastructure policy [1] that says: "All running servers will be evaluated every 6 month to determined continued need for the services provided. If a service is deemed outdated or the server hosts content that may no longer be needed the maintainer on record will be contacted to provide additional details. If no response is received within a 2 week period the server will be shut down."
So either we - as community - decide to delete this sentence completely (as we do not want to follow the policy), or we allow our openSUSE heroes to follow the policy and shut down the services listed above. Sounds simple and consequent, right?
Agreed
If there is a need, requested from whomever (and from my personal history I know the board resp. the membership committee is asking again and again to keep connect.o.o alive), this person/group either has to invest the time and resources to keep the service in question up-to date, secure and alive or had to agree that they need to search for something else and find someone who takes over the administration.
I personally left the openSUSE heroes for many reasons. But one reason clearly was that I did not want to take over the responsibility for services that I did not set up/developed or have any interest in. Many users seem to anticipate that "keeping a service up and running" is very easy. I say: no, it isn't. Keeping a service not only available but secure and adjusted to changes (like PHP5 -> PHP7 or Ruby 2.3 -> 2.5 as example) needs time and knowledge. Of course, you could re-install it or re-deploying your docker image every time it has been hacked, but my personal demands are way higher than that.
So: saying that we need to keep old, outdated, already spammed services up and running "because our users - or better, a small group of users - want or need them" -- fully inheriting the risk of security and data breaches (how many people have their personal data stored in connect?) is not the way I can support. Not the way I can accept. Not the way I want to see openSUSE running and handling the personal data of the own community.
And I agree, some of those services should __not__ be handled by dynamic websites, all we really need for news, planet is jekyll frontend generated locally, which cannot be breached or contain personal details. I really want provo to respond with news and lizards, so we can have way nicer looking and working website for news, and send people articles they wrote on lizards in the past, so they can put them up somewhere they desire. BUT that requires provo to be responsive :/
I already took the consequences and stepped back from the openSUSE heroes. Looks like I need to step back as openSUSE member as well, as this is really nothing I want to be involved with.
openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
And it basically is managed via paper, or more precisely via spreadsheet from what I heard. From my POV, this is the perfect time to take action, considering that SUSE has to move away from majority of infra anyway, due to buyout, openSUSE could implement stuff like FAS and noggin for login, pagure for code etc. If you are passionate about managing web services, heroes have their arms more open than any other "team" in openSUSE from my experience (take note everybody >:D). There are also two services that weren't updated in a long time, paste and lists, those need some serious work too, but I believe there was a plan to move to gnu mailman anyway, so hopefully hyperkitty will be a thing for openSUSE in the future. Paste though? Well, well, uhh... LCP [Stasiek] https://lcp.world -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Op donderdag 21 februari 2019 10:16:40 CET schreef Richard Brown:
On Thu, 21 Feb 2019 at 10:02, Matthias Brugger
wrote: Obviously it would be much nicer if the solution didn't involve google docs so hopefully someone can come up with something before connect completely dies and we have to use it as a method of last resort. We don't need something complex however under GDPR we do need to ensure that only the people that need access to the info have it.
You can do that with a nextcloud instance. So the question would be if someone wants to set that up and maintain it...
Or you create an internal email list for board + heroes where you post such requests.
The Board absolutely do not have anything to do with approving Memberships - that would be a rather large conflict of interest, selecting who would be empowered to vote for them ;)
That's why we have a Membership Committee - https://en.opensuse.org/openSUSE:Membership_officials#Process I firmly agree with Matthias Brugger's idea, that a simple Nextcloud instance could do this (and more). Not only as a member registration platform, but even as a replacement of connect.o.o . Apart from technical issues that have to be solved, it provides a fully open environment. We might even ask them to cooperate and have f.e. the Helios voting system accessible as a NC app, or have the login embedded. But, a solid database of users / members it IMHO could defititely do the job.
-- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 21/02/2019 23:53, Vincent Untz wrote:
Hey,
Le jeudi 21 février 2019, à 11:41 +0100, Richard Brown a écrit :
On Thu, 21 Feb 2019 at 11:01, Lars Vogdt
wrote: openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members.
If the relevant info is exported, why would we not have any project members anymore?
We will still have members but will not have a way to add new members, keeping a couple of copies of the list somewhere secure probably isn't that hard but keeping it and its backups up to date and accessible by the right people isn't so simple. Yes we could just keep a piece of paper on Richard's desk but given he's in a open office from memory I doubt that would meet GDPR requirements. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Carlos E. R. wrote:
I understand that is what is needed for the new thing. But what is needed to clear the spam on opensuse-connect, which is the current thread subject?
A very good point. Maybe we ought to focus on what is achieveable in the short term - getting rid of the spam.
If I were to volunteer for that, what would I need to do? It seems to me that it is another forum. I know nothing of maintaining a forum in order to reduce spam, so all I can think of is manually deleting posts and killing those posters,
That is probably what it boils down to, yes. Or we can look at disabling those pages altogether. -- Per Jessen, Zürich (7.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le vendredi 22 février 2019, à 10:27 +1030, Simon Lees a écrit :
On 21/02/2019 23:53, Vincent Untz wrote:
Hey,
Le jeudi 21 février 2019, à 11:41 +0100, Richard Brown a écrit :
On Thu, 21 Feb 2019 at 11:01, Lars Vogdt
wrote: openSUSE membership can be managed via paper. Setting up Email aliases and IRC cloaks can be stopped until there is a new tool established. Lost trust and data because of security breaches is way harder to restore and will result in much more work for everyone.
We can't just have people randomly turning off services which provide key planks to the project. If OBS dissapeared tomorrow without replacement we wouldn't have any distributions. If connect.opensuse.org disappears tomorrow we don't have any Project members.
If the relevant info is exported, why would we not have any project members anymore?
We will still have members but will not have a way to add new members, keeping a couple of copies of the list somewhere secure probably isn't that hard but keeping it and its backups up to date and accessible by the right people isn't so simple.
As said, it's something I would deal in a reactive way, and it's a matter of priorities. It's bad to not be able to update our list of members, but it's even worse to have connect.o.o up and running.
Yes we could just keep a piece of paper on Richard's desk but given he's in a open office from memory I doubt that would meet GDPR requirements.
I can't comment on the GDPR bit. But on top of the nextcloud/owncloud proposal and the galette proposal, I can suggest: - have a private git repo somewhere; could be the closed gitlab instance we have for the infra, could be just a git repo in a VM that is reached with ssh access - even a text file in a VM with only access from membership officials - temporarily have a bottleneck who would maintain the list in a secure way (not a piece of paper on a desk). And yes, the bottleneck could be Richard for instance. The "replacement" doesn't necessarily require somebody to step up and set up a new service. But again, what is important here is to retire a service that is not maintained, has security issues, and contains personal data. This should be the priority. Cheers, Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Fri, 22 Feb 2019 at 09:23, Vincent Untz
The "replacement" doesn't necessarily require somebody to step up and set up a new service.
But again, what is important here is to retire a service that is not maintained, has security issues, and contains personal data. This should be the priority.
The "replacement" has the following clear requirements 1) Aspiring Members must have a way of applying to be a member. 2) This application must include some details of their contributions for the Membership Committee to verify. 3) The membership committee must have some way to coordinate their activities so the decisions to +1/-1 an application are honoured. 4) The decisions of the membership committee must have some way of being tracked 5) Some way of granting the perks of Membership (eg. opensuse.org email addresses and voting) must be provided Currently only connect.o.o provides the above, and I do not yet see suggestions that address the above requirements Requirements 1 & 2 will put new demands on aspiring openSUSE Members. The consequences on these important new blood to the project should not be ignored, and the implications and solutions need to be discussed to the satisfaction of the community as a whole. If we don't get this right, we discourage new contributions from being new Members, which is a terrifying prospect. Requirements 2-4 will put new demands on the already hard working Membership Committee. As far as I am aware, no one has spoken to them about whether they are comfortable with the impacts on their contributions to the Project. If they do not agree to the actions being taken here, then the Project has no way of validating new members, which is a terrifying prospect. Requirement 5 will impact every single existing member. The potential loss of all of our @opensuse.org email addresses or the establishment of separate classes of Member, those with the benefits the scheme expects and those without (because no one took care of the tooling) is an unappetizing prospect. All of the requirements I describe above are about the _people_ of the openSUSE Project. What they will need to do and how they will be impacted. Technically, connect.o.o might need to go, but whoever wants to turn it off, needs to do the work of thinking about the people effected, talking to the people effected, and addressing the needs of the people effected. Stomping feet and demanding servers are turned off is not going to accomplish that. Instead, please direct your energies to ensuring actions taken for good technical reasons don't produce larger personal and constitutional impacts for the Project. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am Freitag, 22. Februar 2019, 11:40:32 CET schrieb Richard Brown:
The "replacement" has the following clear requirements
1) Aspiring Members must have a way of applying to be a member. 2) This application must include some details of their contributions for the Membership Committee to verify. 3) The membership committee must have some way to coordinate their activities so the decisions to +1/-1 an application are honoured. 4) The decisions of the membership committee must have some way of being tracked 5) Some way of granting the perks of Membership (eg. opensuse.org email addresses and voting) must be provided
Currently only connect.o.o provides the above, and I do not yet see suggestions that address the above requirements
And I still don't see how a calc file couldn't solve all of these issues: 1) Email to membership-apply@o.o 2) Contents of the Email from 1) 3) Shared calc file 4) Shared calc file 5) Shared calc file plus creating email alias and adding the user to helios My impression is that this whole thing is grown overly complicated over the years. Let's just trim it and keep things both easy to use and to maintain. Regards, vinz. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 22/02/2019 08.32, Per Jessen wrote:
Carlos E. R. wrote:
I understand that is what is needed for the new thing. But what is needed to clear the spam on opensuse-connect, which is the current thread subject?
A very good point. Maybe we ought to focus on what is achieveable in the short term - getting rid of the spam.
If I were to volunteer for that, what would I need to do? It seems to me that it is another forum. I know nothing of maintaining a forum in order to reduce spam, so all I can think of is manually deleting posts and killing those posters,
That is probably what it boils down to, yes. Or we can look at disabling those pages altogether.
What do I start reading? It looks to me that people are creating groups, and then sometimes post there. Maybe I just need admin access of some kind and the interface would appear for purging. Some people are so confused that they ask Linux questions there, not spam but not appropriate. And of course they get few answers, and often wrong - from a quick look. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On Fri, 22 Feb 2019 at 12:19, Vinzenz Vietzke
Am Freitag, 22. Februar 2019, 11:40:32 CET schrieb Richard Brown:
The "replacement" has the following clear requirements
1) Aspiring Members must have a way of applying to be a member. 2) This application must include some details of their contributions for the Membership Committee to verify. 3) The membership committee must have some way to coordinate their activities so the decisions to +1/-1 an application are honoured. 4) The decisions of the membership committee must have some way of being tracked 5) Some way of granting the perks of Membership (eg. opensuse.org email addresses and voting) must be provided
Currently only connect.o.o provides the above, and I do not yet see suggestions that address the above requirements
And I still don't see how a calc file couldn't solve all of these issues:
1) Email to membership-apply@o.o 2) Contents of the Email from 1) 3) Shared calc file 4) Shared calc file 5) Shared calc file plus creating email alias and adding the user to helios
My impression is that this whole thing is grown overly complicated over the years. Let's just trim it and keep things both easy to use and to maintain.
Again, you have totally missed my point Your observations regarding 1-5 above might be valid They might not Fact is, it doesn't bloody matter until you speak to the people impacted I'm not the Membership Officials, this is not the Membership Officials mailinglist. we're talking about changing the workflow and tools by those contributors. If I was a Membership Official, I would be bloody pissed off to find a mailinglist thread discussing the future work I would have to do without consulting with me first. Forget the bloody technology for a second, think about the people, start reaching out to them and talking to them. Until then, all this debate is hot air. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 22/02/2019 à 13:03, Richard Brown a écrit :
I'm not the Membership Officials, this is not the Membership Officials mailinglist.
why don't you froward it to the right mailing list then? I'm part of membership official and think this discussion important, but of course I don't speak for everybody
we're talking about changing the workflow and tools by those contributors.
If I was a Membership Official, I would be bloody pissed off to find a mailinglist thread discussing the future work I would have to do without consulting with me first.
added membership official to the target jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Richard, Le vendredi 22 février 2019, à 11:40 +0100, Richard Brown a écrit :
On Fri, 22 Feb 2019 at 09:23, Vincent Untz
wrote: The "replacement" doesn't necessarily require somebody to step up and set up a new service.
But again, what is important here is to retire a service that is not maintained, has security issues, and contains personal data. This should be the priority.
The "replacement" has the following clear requirements
[...]
Stomping feet and demanding servers are turned off is not going to accomplish that. Instead, please direct your energies to ensuring actions taken for good technical reasons don't produce larger personal and constitutional impacts for the Project.
I think we're not discussing exactly at the same level: I'm interested in what is most important to do. I will oversimplify this with a simple question to the board: Is it more important to enable people to become openSUSE members or to properly secure the data of existing openSUSE members? When I read your answer, I understand the former is more important. That's what I disagree with. And don't get me wrong: of course both are important, and ideally we'd do both; and yes, I'm oversimplifying and the world is not black and white. But I'm reading that we failed to take action on this for an extended amount of time, and the solution is not to wait for people to take action. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Fri, 22 Feb 2019 at 13:13, jdd@dodin.org
Le 22/02/2019 à 13:03, Richard Brown a écrit :
I'm not the Membership Officials, this is not the Membership Officials mailinglist.
why don't you froward it to the right mailing list then? I'm part of membership official and think this discussion important, but of course I don't speak for everybody
Why don't I? I, and multiple previous boards, including ones chaired by my predecessor, repeatedly raised the issue of connect.opensuse.org repeatedly. Each time I have found myself disappointed by no one following up and actually doing anything, despite promises made. Furthermore, as Chairman of the Project, every time I open my big mouth I get accused of imposing my will and forcing people to do things. It has been suggested that sometimes people don't do things precisely BECAUSE I asked for it. So, this is a situation that effects everyone in the Project, it's a clear example of a situation which could, and I would say _should_, be driven by anyone. So I think it's best for the health of the Project that, as this is a topic people care about, they should feel empowered to move forward and do stuff to solve the problems they see. And I'll be sticking to the core roles defined for the openSUSE Board - https://en.opensuse.org/openSUSE:Board "Facilitate communication with all areas of the community" My posts here in this thread should serve as a reminder that it is the communities responsibility to communicate with the relevant parts of the community. The changes being proposed here risk significant impacts on the Membership Committee and the Heroes. Talking about what solution is best here is for nothing unless people are ensuring that the Membership Committee and the Heroes agree -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Fri, 22 Feb 2019 at 13:17, Vincent Untz
When I read your answer, I understand the former is more important. That's what I disagree with.
And don't get me wrong: of course both are important, and ideally we'd do both; and yes, I'm oversimplifying and the world is not black and white. But I'm reading that we failed to take action on this for an extended amount of time, and the solution is not to wait for people to take action.
I'll give you a black and white answer. It doesn't matter which you, or I, think is more important. The only thing that matters is what are the contributors to the openSUSE Project motivated to actually do. We can't create a solution out of thin are, and we shouldn't be in the business of making problems worse for the Project. People should be motivated and empowered to take care of the things that bother them. This is an echo of the view you yourself expressed when the topic of connect.opensuse.org first came up in your last face to face meeting as Chairman. The technical and practical realities have not changed in any material way since then. There's a problem, it needs addressing, but if no one in the community is willing to address it, then it almost certainly will end up lingering around until some people are motivated to address it. Maybe now this is finally the time, if so, great! But, in the burst of enthusiasm that this problem seems to be endearing, I think the most important than is we don't lose sight of the contributors impacted. In my view, the door is wide-wide open for a solution, but my view doesn't really matter. The only opinions that really do are the views of the people who will implement a new solution, the Membership Officials who'll have to use the solution, and the Heroes who'll have to decommission connect.o.o and handle any replacement. I'm not convinced the first group have taken the important steps of engaging closely with the latter 2 groups. Lets make sure we put the people first, that's all I'm advocating for here. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 22/02/2019 à 13:22, Richard Brown a écrit :
On Fri, 22 Feb 2019 at 13:13, jdd@dodin.org
wrote: Le 22/02/2019 à 13:03, Richard Brown a écrit :
I'm not the Membership Officials, this is not the Membership Officials mailinglist.
why don't you froward it to the right mailing list then? I'm part of membership official and think this discussion important, but of course I don't speak for everybody
Why don't I?
Each time I have found myself disappointed by no one following up and actually doing anything, despite promises made.
being about openSUSE infrastructure I don't see any people better than you to ask :-)
It has been suggested that sometimes people don't do things precisely BECAUSE I asked for it.
I don't always agree with you, but you are certainly entitled to speak and be rea
clear example of a situation which could, and I would say _should_, be driven by anyone.
well as I said I could drive it by some outside openSUSE system (galette from friends of mine seems to fill the needs), but I also feel openSUSE would be a bit ridiculous to do so :-(
So I think it's best for the health of the Project that, as this is a topic people care about, they should feel empowered to move forward and do stuff to solve the problems they see.
did you notice I did the forward, and the posy went on membership mailing list. That said I don't know who is member of this list nor how the membership team is created, so It's good this is discussed also here
Talking about what solution is best here is for nothing unless people are ensuring that the Membership Committee and the Heroes agree
heroes team, somebody here? jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am Freitag, 22. Februar 2019, 13:03:55 CET schrieb Richard Brown:
If I was a Membership Official, I would be bloody pissed off to find a mailinglist thread discussing the future work I would have to do without consulting with me first. Forget the bloody technology for a second, think about the people, start reaching out to them and talking to them.
This is the -project mailing list. The topic is relevant for the project, connect is part of the project's infrastructure. Furthermore I can see at least two membership committee persons in this thread literally asking where to help instead of being pissed. So, maybe your assumptions are just wrong and by pushing the technology aside you're derailing the discussion from it's boiling point: finding a solution for the problem instead of pointing towards symptoms.
Until then, all this debate is hot air.
Oh come on, seriously? Regards, vinz. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On Fri, 22 Feb 2019 at 14:25, Vinzenz Vietzke
Am Freitag, 22. Februar 2019, 13:03:55 CET schrieb Richard Brown:
If I was a Membership Official, I would be bloody pissed off to find a mailinglist thread discussing the future work I would have to do without consulting with me first. Forget the bloody technology for a second, think about the people, start reaching out to them and talking to them.
This is the -project mailing list. The topic is relevant for the project, connect is part of the project's infrastructure. Furthermore I can see at least two membership committee persons in this thread literally asking where to help instead of being pissed. So, maybe your assumptions are just wrong and by pushing the technology aside you're derailing the discussion from it's boiling point: finding a solution for the problem instead of pointing towards symptoms.
I count one - https://en.opensuse.org/openSUSE:Membership_officials#Members And while I know jdd does a good job among the team, I also know he does less than other Members on the list I think it's the height of bad manners for one group of contributors to go steaming ahead without taking care of the impact that it could have on other, equally hard working contributors. The technology doesn't matter - openSUSE isn't a Project built on technology, it's built on people. You cannot convince me that there isn't a need here to remind people to stop, take a breath, and talk to the people impacted. Any change in this area _must_ have the consent of the people actively using connect.opensuse.org - that is our Membership Officials. They must be happy with any action before it's taken. Any change in this area _must_ also have the consent of the openSUSE heroes, as they're the ones maintaining our systems. They must be happy before any action is taken. Everything else is secondary to that. Not invalid, not unimportant, but we're a community project - We must not allow our collective desire to do the right thing technically to go steaming over the contributions and work of others. We're not a community is we don't put our own people first.
Until then, all this debate is hot air.
Oh come on, seriously?
Yes, seriously. We've all read the technical ideas presented to solve the problems here, but it's not going to be more than hot air until the people who want to do this work get the people currently using connect on board with their solution. I don't like saying 'woah horseie' to the rampaging emotive gallop of this community at full speed, but that is part of the Board's job Facilitate communication with all areas of the community - this mailinglist is insufficient, the Heroes and Committee need to be involved, it's the Board's job to remind everyone here of that. Facilitate decision making processes where needed. - the Membership Officials and Heroes need to have their say in this decision, it's the Board job to remind everyone here of that. Take care of those things, and we can all quite happily race ahead to a new solution, but, yes, seriously, I've got to remind everyone of the other sides of this issue. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am Freitag, 22. Februar 2019, 14:37:53 CET schrieb Richard Brown:
Facilitate communication with all areas of the community - this mailinglist is insufficient, the Heroes and Committee need to be involved, it's the Board's job to remind everyone here of that. Facilitate decision making processes where needed. - the Membership Officials and Heroes need to have their say in this decision, it's the Board job to remind everyone here of that.
I disagree. My idea is that this mailinglist distills one or more proposals and presents them to the people involved afterwards, fetching some comments, but mostly being fixed. If heroes and committee want to get involved into this process here's the place and people listening. Otherwise they somehow have to accept that their influx is limited in the aftermath. Requesting people to run around and ask everyone to get involved makes this mailinglist mostly pointless. And furthermore this attitude transports the message that any discussion here is worth nothing - as long as not everyone got is personal invitation to take part. (I'm exaggerating of course. But you get my point.)
Take care of those things, and we can all quite happily race ahead to a new solution, but, yes, seriously, I've got to remind everyone of the other sides of this issue.
Of course. You did that right at the beginning of this thread. Repeating it instead of sticking to the (somewhat technical) discussion is not necessary and gives the impression of an unwanted discussion topic. Regards, vinz. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Le 22/02/2019 à 14:37, Richard Brown a écrit :
I count one - https://en.opensuse.org/openSUSE:Membership_officials#Members
And while I know jdd does a good job among the team, I also know he does less than other Members on the list
I try to retire, given I'm aging, but still don't want openSUSE to stop working for some simple obstacle :-)
You cannot convince me that there isn't a need here to remind people to stop, take a breath, and talk to the people impacted.
yes...
Any change in this area _must_ have the consent of the people actively using connect.opensuse.org - that is our Membership Officials. They must be happy with any action before it's taken.
may be also ask the election comity?
mailinglist is insufficient, the Heroes and Committee need to be involved, it's the Board's job to remind everyone here of that.
then do. Please membership official members and heroes members that read this, step in! or may be there is a better list to join them?
Take care of those things, and we can all quite happily race ahead to a new solution, but, yes, seriously, I've got to remind everyone of the other sides of this issue.
yes, done (it had to be done), thanks *I* can manage a galette session *if ever necessary* (managers are friends of mine - https://www.le-pic.org/spip.php?article817) thanks jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Hi all (starting a new subthread, I'm not interested in the flame wars) Am 20.02.19 um 10:48 schrieb Alex Christoph Bihlmaier:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
I looked at it. AFAICT, what the spammers do is: * get an openSUSE (microfocus.com) account * use this account to log into connect and then start throwing crap into the fan to distribute it. How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o 1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences. 2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible? If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Gesendet: Samstag, 23. Februar 2019 um 15:45 Uhr Von: "Stefan Seyfried"
An: opensuse-project@opensuse.org Betreff: [opensuse-project] technical solutions possible? (was: huge amount of SPAM on opensuse-connect) Hi all
(starting a new subthread, I'm not interested in the flame wars)
Am 20.02.19 um 10:48 schrieb Alex Christoph Bihlmaier:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
I looked at it.
AFAICT, what the spammers do is: * get an openSUSE (microfocus.com) account * use this account to log into connect and then start throwing crap into the fan to distribute it.
How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o
1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences. 2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible?
If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam.
Krurpht has offered a list with locked spam accounts from openSUSE forums.
-- Stefan Seyfried
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 23/02/2019 15.45, Stefan Seyfried wrote:
Hi all
How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o
1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences. 2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible?
If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam.
I also volunteered for #2. But I don't know yet how to get access and how to get whatever information is available about the platform. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Le 23/02/2019 à 20:14, Carlos E. R. a écrit :
But I don't know yet how to get access and how to get whatever information is available about the platform.
may be the heroes team can help there, giving you moderator access (?) https://en.opensuse.org/openSUSE:Heroes yet an other ticket for admin@opensuse.org (probably have to wait Monday to have an answer :-) jdd -- http://dodin.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 2/23/19 6:45 AM, Stefan Seyfried wrote:
Hi all
(starting a new subthread, I'm not interested in the flame wars)
Don't worry about flame wars. The Community looks like it is coming together on this to work on a solution. ;-)
Am 20.02.19 um 10:48 schrieb Alex Christoph Bihlmaier:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
I looked at it.
AFAICT, what the spammers do is: * get an openSUSE (microfocus.com) account * use this account to log into connect and then start throwing crap into the fan to distribute it.
How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o
1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences. 2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible?
If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam.
Thanks for stepping up. Glad to have you. -- -Gerry Makaro openSUSE Member openSUSE Global Moderator openSUSE Contributor YaST Contributor aka Fraser_Bell on the Forums, OBS, IRC, and mail at openSUSE.org Fraser-Bell on Github -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 23/02/2019 15.45, Stefan Seyfried wrote:
Hi all
(starting a new subthread, I'm not interested in the flame wars)
Am 20.02.19 um 10:48 schrieb Alex Christoph Bihlmaier:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
I looked at it.
AFAICT, what the spammers do is: * get an openSUSE (microfocus.com) account * use this account to log into connect and then start throwing crap into the fan to distribute it.
How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o
1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences. 2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible?
If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam.
I have now admin access to the connect platform, so I will start working on it soon. If you also want access, the mail where I asked for access had set a CC to this mail list. Then we can find someone to coordinate. :-) They told me to delete users. Banning is possible but not recommended, it just puts a notice. I just asked admin about your concern on 1). -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 24/02/2019 01:15, Stefan Seyfried wrote:
Hi all
(starting a new subthread, I'm not interested in the flame wars)
Am 20.02.19 um 10:48 schrieb Alex Christoph Bihlmaier:
Hello dear fellow opensuse-enthusiasts!
I am wondering about openSUSE connect - there is a huge amount of spam on it and it really is not a shiny & bright representation of the openSUSE project.
I looked at it.
AFAICT, what the spammers do is: * get an openSUSE (microfocus.com) account * use this account to log into connect and then start throwing crap into the fan to distribute it.
How can we solve it? 1) disable these accounts 2) block specific accounts on connect.o.o, even though they are still enabled 3) (not an option yet, see the flame wars) shut down connect.o.o
1) might be hard for the community, as the accounts are maintained by microfocus. Additionally, even an account that "we" (community) identify as a spammer, might still be a paying SUSE / Novell / Microfocus customer, and disabling the account might have unwanted consequences.
Sometime in the not to distant future, if it hasn't happened already this will no longer be an issue as with the Microfocus - SUSE Split all the accounts should be duplicated / separated where needed, the only potential downside here is the people who can probably bulk disable a bunch of accounts or come up with a way to do something similar are also exceptionally busy working on splitting everything that needs to be split.
2) I have no idea if this is technically possible. Anyone with knowledge of the underlying system around that can tell us if this is possible?
If 2) is possible, I would volunteer to go through connect.o.o and disable/block/whatever all accounts that are obvious spam.
3) given people are starting to step up and actively work on 3, its quite possible that we will reach a point where connect can be killed, maybe even before we have better access / time to deal with spam accounts. There is potentially not much point in cleaning up connect if it looks likely that we will be able to kill it in the next month or two, as its hardly something that new users are going to find we haven't advertised where it is well for a long time and existing users only ever go there to apply for membership which can now be done via email anyway. Which brings me to a thought bubble of I wonder if we just kill the front end or make it only accessible internally to the hero's or even just remove the dns entries for connect so its only findable for the people who still really need to use it. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am 26.02.19 um 11:28 schrieb Carlos E. R.:
They told me to delete users. Banning is possible but not recommended, it just puts a notice. I just asked admin about your concern on 1).
Well, if you delete a new spammer, it will just come back with the same username 5 minutes later (seen several times today). So I block them (which replaces the "about" box with a "this user is banned" banner, and makes them invisible to not logged in users. Additionally, I set all profile fields to "private". This effectively makes the spam invisible to anyone not an admin and avoids them recreating the user with the same Login (probably they just re-login via microfocus credentials and the login is automatically recreated). I do delete users who have created several spam groups (or older spam accounts that have not been active for a while, in the assumption that they will not come back). If you delete a user, all of his groups are also deleted. But groups should be clean now, after I removed a few thousand last night (one spam user had several hundred spam groups, so deleting this user was a big win). Going through the users now, but this is tedious, so I will target those that turn up on the front page first. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am 26.02.19 um 13:25 schrieb Stefan Seyfried:
Am 26.02.19 um 11:28 schrieb Carlos E. R.:
They told me to delete users. Banning is possible but not recommended,
I just found out that banning works perfectly fine.
it just puts a notice. I just asked admin about your concern on 1).
All connect.o.o admins (you and me for example :-) will still see the banned account, but normal users will not. Banning has the additional benefit, that it can be undone, in case we judge wrong. Deleting can't be undone AFAICT. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 2/26/19 2:28 AM, Carlos E. R. wrote:
I have now admin access to the connect platform, so I will start working on it soon. If you also want access, the mail where I asked for access had set a CC to this mail list. Then we can find someone to coordinate. :-)
Yes, Carlos. Christian, tampakrap, and I discussed this yesterday and agreed you and Stefan should be given Admin rights, the best access you can have to get the job done. Thanks again for stepping up like this, both of you. It is very much appreciated. -- -Gerry Makaro openSUSE Member openSUSE Global Moderator openSUSE Contributor YaST Contributor aka Fraser_Bell on the Forums, OBS, IRC, and mail at openSUSE.org Fraser-Bell on Github -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 2/26/19 2:55 AM, Simon Lees wrote:
3) given people are starting to step up and actively work on 3, its quite possible that we will reach a point where connect can be killed, maybe even before we have better access / time to deal with spam accounts. There is potentially not much point in cleaning up connect if it looks likely that we will be able to kill it in the next month or two, as its hardly something that new users are going to find we haven't advertised where it is well for a long time and existing users only ever go there to apply for membership which can now be done via email anyway. Which brings me to a thought bubble of I wonder if we just kill the front end or make it only accessible internally to the hero's or even just remove the dns entries for connect so its only findable for the people who still really need to use it.
Oh, yes, I agree, mostly. However, in discussions with cboltz, tampakrap, and lcp yesterday, we thought that with some of the proposed solutions, some cleanup would help when porting information to the new system. At any rate, it could not hurt, and it looks to me like Carlos and Stefan are doing a super job. -- -Gerry Makaro openSUSE Member openSUSE Global Moderator openSUSE Contributor YaST Contributor aka Fraser_Bell on the Forums, OBS, IRC, and mail at openSUSE.org Fraser-Bell on Github -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 26/02/2019 23.04, Fraser_Bell wrote:
On 2/26/19 2:55 AM, Simon Lees wrote:
3) given people are starting to step up and actively work on 3, its quite possible that we will reach a point where connect can be killed, maybe even before we have better access / time to deal with spam accounts. There is potentially not much point in cleaning up connect if it looks likely that we will be able to kill it in the next month or two, as its hardly something that new users are going to find we haven't advertised where it is well for a long time and existing users only ever go there to apply for membership which can now be done via email anyway. Which brings me to a thought bubble of I wonder if we just kill the front end or make it only accessible internally to the hero's or even just remove the dns entries for connect so its only findable for the people who still really need to use it.
Oh, yes, I agree, mostly.
However, in discussions with cboltz, tampakrap, and lcp yesterday, we thought that with some of the proposed solutions, some cleanup would help when porting information to the new system.
At any rate, it could not hurt, and it looks to me like Carlos and Stefan are doing a super job.
I don't think you need cleanup for porting the openSUSE membership info, because basically you only need the list of users that belong to the "member" group, and their user data. But I noticed there are other groups with many members, like for example "KDE team", "ambassadors", "Marketing team"... I don't know if they are used for something or not. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 26/02/2019 15.32, Stefan Seyfried wrote:
Am 26.02.19 um 13:25 schrieb Stefan Seyfried:
Am 26.02.19 um 11:28 schrieb Carlos E. R.:
They told me to delete users. Banning is possible but not recommended,
I just found out that banning works perfectly fine.
it just puts a notice. I just asked admin about your concern on 1).
All connect.o.o admins (you and me for example :-) will still see the banned account, but normal users will not.
Banning has the additional benefit, that it can be undone, in case we judge wrong. Deleting can't be undone AFAICT.
I noticed today, without login, a user named "Jolie Ville Royal Peninsula Hotel & Resort", but clicking produces nothing, so I suppose he is banned. I login to check. Oh, it disappeared from the page. Searching... yes, the user exists, but banned. It is a pity the name still shows. What a name, what a cheek! Could we put creation of groups or polls by new users on moderation? That would block most new spam. I guess that would mean modification of the platform, coding, so better not touch it. If connect is a platform that was developed for us, I find it amazing. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Hi Carlos, Am 01.03.19 um 10:43 schrieb Carlos E. R.:
I noticed today, without login, a user named "Jolie Ville Royal Peninsula Hotel & Resort", but clicking produces nothing, so I suppose he is banned. I login to check. Oh, it disappeared from the page. Searching... yes, the user exists, but banned.
It is a pity the name still shows. What a name, what a cheek!
All we can do here is to change the name (I changed it to "spammer" now :-)), but that's considerable more effort than just clicking "ban", hit "enter" and be done.
Could we put creation of groups or polls by new users on moderation? That would block most new spam. I guess that would mean modification of the platform, coding, so better not touch it.
If connect is a platform that was developed for us, I find it amazing.
No, it's elgg https://elgg.org/, probably mostly standard with some non-standard config, skin and maybe plugins. But I really would not touch it anymore. I'll just keep an eye on new accounts and ban them once they start spamming. During office hours, their TTL is usually less than 30 minutes ;-), on non-work days, I'll probably just look after it once per day. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 01/03/2019 13.26, Stefan Seyfried wrote:
Hi Carlos,
Am 01.03.19 um 10:43 schrieb Carlos E. R.:
I noticed today, without login, a user named "Jolie Ville Royal Peninsula Hotel & Resort", but clicking produces nothing, so I suppose he is banned. I login to check. Oh, it disappeared from the page. Searching... yes, the user exists, but banned.
It is a pity the name still shows. What a name, what a cheek!
All we can do here is to change the name (I changed it to "spammer" now :-)), but that's considerable more effort than just clicking "ban", hit "enter" and be done.
oh! I didn't know it was possible.
Could we put creation of groups or polls by new users on moderation? That would block most new spam. I guess that would mean modification of the platform, coding, so better not touch it.
If connect is a platform that was developed for us, I find it amazing.
No, it's elgg https://elgg.org/, probably mostly standard with some non-standard config, skin and maybe plugins.
Ah!
But I really would not touch it anymore. I'll just keep an eye on new accounts and ban them once they start spamming. During office hours, their TTL is usually less than 30 minutes ;-), on non-work days, I'll probably just look after it once per day.
Yes, I'm also checking (not that often), but you beat me to it ;-) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 3/1/19 12:10 PM, Carlos E. R. wrote:
On 01/03/2019 13.26, Stefan Seyfried wrote:
But I really would not touch it anymore. I'll just keep an eye on new accounts and ban them once they start spamming. During office hours, their TTL is usually less than 30 minutes ;-), on non-work days, I'll probably just look after it once per day.
Yes, I'm also checking (not that often), but you beat me to it ;-)
And, if it is not a huge job to do it this way, that should be sufficient for the remaining life of Connect, I would think. Thanks again, Stefan and Carlos. -- -Gerry Makaro openSUSE Member openSUSE Global Moderator openSUSE Contributor YaST Contributor aka Fraser_Bell on the Forums, OBS, IRC, and mail at openSUSE.org Fraser-Bell on Github -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Am 01.03.19 um 21:10 schrieb Carlos E. R.:
On 01/03/2019 13.26, Stefan Seyfried wrote:
Hi Carlos,
Am 01.03.19 um 10:43 schrieb Carlos E. R.:
I noticed today, without login, a user named "Jolie Ville Royal Peninsula Hotel & Resort", but clicking produces nothing, so I suppose he is banned. I login to check. Oh, it disappeared from the page. Searching... yes, the user exists, but banned.
It is a pity the name still shows. What a name, what a cheek!
All we can do here is to change the name (I changed it to "spammer" now :-)), but that's considerable more effort than just clicking "ban", hit "enter" and be done.
oh! I didn't know it was possible.
Actually, after a few days (I doubt they'll come back after their initial spam setup) we can also delete them, if it is obvious spam (there are slight doubts on accounts that only have cyrillic or chinese characters in their description and links, so I'll not delete them to avoid deleting a spammy-looking (to me :-) legitimate account), a few days later. I have done this now to clean up the front page. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
On 02/03/2019 09.21, Stefan Seyfried wrote:
Am 01.03.19 um 21:10 schrieb Carlos E. R.:
On 01/03/2019 13.26, Stefan Seyfried wrote:
Hi Carlos,
Am 01.03.19 um 10:43 schrieb Carlos E. R.:
I noticed today, without login, a user named "Jolie Ville Royal Peninsula Hotel & Resort", but clicking produces nothing, so I suppose he is banned. I login to check. Oh, it disappeared from the page. Searching... yes, the user exists, but banned.
It is a pity the name still shows. What a name, what a cheek!
All we can do here is to change the name (I changed it to "spammer" now :-)), but that's considerable more effort than just clicking "ban", hit "enter" and be done.
oh! I didn't know it was possible.
Actually, after a few days (I doubt they'll come back after their initial spam setup) we can also delete them, if it is obvious spam (there are slight doubts on accounts that only have cyrillic or chinese characters in their description and links, so I'll not delete them to avoid deleting a spammy-looking (to me :-) legitimate account), a few days later.
Oh, yes, I saw some like that, don't know what to do with them. Perhaps use google translate.
I have done this now to clean up the front page.
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
participants (19)
-
Alex Christoph Bihlmaier
-
Ancor Gonzalez Sosa
-
Carlos E. R.
-
Fraser_Bell
-
hellcp@opensuse.org
-
Ish Sookun
-
jdd@dodin.org
-
Knurpht-openSUSE
-
Lars Vogdt
-
Matthias Brugger
-
Maurizio Galli
-
Maurizio Galli (MauG)
-
Per Jessen
-
Richard Brown
-
Sarah Julia Kriesch
-
Simon Lees
-
Stefan Seyfried
-
Vincent Untz
-
Vinzenz Vietzke