public inbox for overseers@sourceware.org
 help / color / mirror / Atom feed
* getting spammed on bugzilla
@ 2021-11-11  3:29 Joel Brobecker
  2021-11-11  3:47 ` Andrew Pinski
  0 siblings, 1 reply; 19+ messages in thread
From: Joel Brobecker @ 2021-11-11  3:29 UTC (permalink / raw)
  To: overseers; +Cc: Pedro Alves, Simon Marchi

Hello,

Our bugzilla instance is being used as a spamming platform.
Spammers do so by just posting answers to random PRs.

As a result of this:

   - The PRs gets polluted with these annoying messages that
     we cannot remove (just mark as spam, which is a game of
     wack-a-mole and personally a waste of our precious time);

   - People on the Cc: list get emails about them.

     I wouldn't be exagerating if I said that 95% of emails I am
     getting from bugzilla, at the moment, is spam.

I think the problem is that spammers can create their account
without any form of validation.

Is there something we could do about this?

Pedro tells us that:
> LLVM has solved this by disabling new user self-registration:
>
>   https://bugs.llvm.org/enter_bug.cgi
>
> "New user self-registration is disabled due to spam. For an account please email
> bugs-admin@lists.llvm.org
> with your e-mail address and full name."

I'm happy to help with answering those legitimate account
creations, if that makes a differnce.

Any other ideas, perhaps?

Thank you!
-- 
Joel

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-11  3:29 getting spammed on bugzilla Joel Brobecker
@ 2021-11-11  3:47 ` Andrew Pinski
  2021-11-12  4:40   ` Joel Brobecker
  0 siblings, 1 reply; 19+ messages in thread
From: Andrew Pinski @ 2021-11-11  3:47 UTC (permalink / raw)
  To: Overseers mailing list; +Cc: Joel Brobecker, Simon Marchi, Pedro Alves

On Wed, Nov 10, 2021 at 7:29 PM Joel Brobecker via Overseers
<overseers@sourceware.org> wrote:
>
> Hello,
>
> Our bugzilla instance is being used as a spamming platform.
> Spammers do so by just posting answers to random PRs.
>
> As a result of this:
>
>    - The PRs gets polluted with these annoying messages that
>      we cannot remove (just mark as spam, which is a game of
>      wack-a-mole and personally a waste of our precious time);
>
>    - People on the Cc: list get emails about them.
>
>      I wouldn't be exagerating if I said that 95% of emails I am
>      getting from bugzilla, at the moment, is spam.
>
> I think the problem is that spammers can create their account
> without any form of validation.
>
> Is there something we could do about this?
>
> Pedro tells us that:
> > LLVM has solved this by disabling new user self-registration:
> >
> >   https://bugs.llvm.org/enter_bug.cgi
> >
> > "New user self-registration is disabled due to spam. For an account please email
> > bugs-admin@lists.llvm.org
> > with your e-mail address and full name."
>
> I'm happy to help with answering those legitimate account
> creations, if that makes a differnce.
>
> Any other ideas, perhaps?

GCC already disables new account creation; while sourceware does not.
I know the gcc bugzilla did get some spam last week and even at that
point, the account had been created manually too (GCC has had new
accounts disable for over a few years now even).
So what looked like a legitimate request and turned out not to be, did
slip through.  Fixing that is hard really.

Thanks,
Andrew Pinski

>
> Thank you!
> --
> Joel

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-11  3:47 ` Andrew Pinski
@ 2021-11-12  4:40   ` Joel Brobecker
  2021-11-12  8:55     ` Mark Wielaard
  0 siblings, 1 reply; 19+ messages in thread
From: Joel Brobecker @ 2021-11-12  4:40 UTC (permalink / raw)
  To: Andrew Pinski
  Cc: Overseers mailing list, Joel Brobecker, Simon Marchi, Pedro Alves

> > > LLVM has solved this by disabling new user self-registration:
> > >
> > >   https://bugs.llvm.org/enter_bug.cgi
> > >
> > > "New user self-registration is disabled due to spam. For an account please email
> > > bugs-admin@lists.llvm.org
> > > with your e-mail address and full name."
> >
> > I'm happy to help with answering those legitimate account
> > creations, if that makes a differnce.
> >
> > Any other ideas, perhaps?
> 
> GCC already disables new account creation; while sourceware does not.
> I know the gcc bugzilla did get some spam last week and even at that
> point, the account had been created manually too (GCC has had new
> accounts disable for over a few years now even).
> So what looked like a legitimate request and turned out not to be, did
> slip through.  Fixing that is hard really.

Interesting. Thanks for sharing Andrew.

My thinking on this is that we should try doing the same for
sourceware's bugzilla, and see how it goes. I'm hoping the extra
step will be a high enough barrier that it'll encourage the majority
of spammers to find somewhere else to go. Even if not perfect, if
we can block the majority of spam, that'll already be a great win
for us.

-- 
Joel

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-12  4:40   ` Joel Brobecker
@ 2021-11-12  8:55     ` Mark Wielaard
  2021-11-12 13:26       ` Carlos O'Donell
  0 siblings, 1 reply; 19+ messages in thread
From: Mark Wielaard @ 2021-11-12  8:55 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Andrew Pinski, Joel Brobecker, Simon Marchi, Pedro Alves

Hi,

On Fri, Nov 12, 2021 at 08:40:33AM +0400, Joel Brobecker via Overseers wrote:
> My thinking on this is that we should try doing the same for
> sourceware's bugzilla, and see how it goes. I'm hoping the extra
> step will be a high enough barrier that it'll encourage the majority
> of spammers to find somewhere else to go. Even if not perfect, if
> we can block the majority of spam, that'll already be a great win
> for us.

I don't like it, but I don't see another solution.  I did tweak the
spam filters to count http[s]:// and reject any comments containing
10+ urls. That seems to have worked a little. But soon after we saw
even more spam comments that simply use 1 url (and copy/paste some
earlier comment text). Currently I am blocking ~3 users and tagging
~10 comments as spam a day. Which isn't really productive use of my
time, and not really sustainable. So unless someone knows a better way
of automatically detecting spam bugzilla comments and blocking users
that post them I am afraid we will have to restrict who can sign up
for a bugzilla account or explicitly approve first time bug posters.

Cheers,

Mark


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-12  8:55     ` Mark Wielaard
@ 2021-11-12 13:26       ` Carlos O'Donell
  2021-11-22  4:03         ` Joel Brobecker
  0 siblings, 1 reply; 19+ messages in thread
From: Carlos O'Donell @ 2021-11-12 13:26 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Mark Wielaard, Pedro Alves, Simon Marchi, Joel Brobecker

On 11/12/21 03:55, Mark Wielaard via Overseers wrote:
> Hi,
> 
> On Fri, Nov 12, 2021 at 08:40:33AM +0400, Joel Brobecker via Overseers wrote:
>> My thinking on this is that we should try doing the same for
>> sourceware's bugzilla, and see how it goes. I'm hoping the extra
>> step will be a high enough barrier that it'll encourage the majority
>> of spammers to find somewhere else to go. Even if not perfect, if
>> we can block the majority of spam, that'll already be a great win
>> for us.
> 
> I don't like it, but I don't see another solution.  I did tweak the
> spam filters to count http[s]:// and reject any comments containing
> 10+ urls. That seems to have worked a little. But soon after we saw
> even more spam comments that simply use 1 url (and copy/paste some
> earlier comment text). Currently I am blocking ~3 users and tagging
> ~10 comments as spam a day. Which isn't really productive use of my
> time, and not really sustainable. So unless someone knows a better way
> of automatically detecting spam bugzilla comments and blocking users
> that post them I am afraid we will have to restrict who can sign up
> for a bugzilla account or explicitly approve first time bug posters.

I'd say we disable new account creation.

It saddens me, but it's the only solution.

For the glibc wiki new account creation requires EditGroup and that requires talking
to the community and that solved all spam problems.

-- 
Cheers,
Carlos.


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-12 13:26       ` Carlos O'Donell
@ 2021-11-22  4:03         ` Joel Brobecker
  2021-11-24 10:09           ` Mark Wielaard
  0 siblings, 1 reply; 19+ messages in thread
From: Joel Brobecker @ 2021-11-22  4:03 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Carlos O'Donell, Mark Wielaard, Pedro Alves, Simon Marchi,
	Joel Brobecker

Hello,

Thanks everyone who provided feedback on this issue.

I think we all agree to change the bugzilla configuration to force
users who want to create an account to talk to someone from the
community first.

Does anyone know how this would work? Do we redirect people to
a mailing-list, and then those in the mailing-list create accounts
for those new users?

-- 
Joel

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-22  4:03         ` Joel Brobecker
@ 2021-11-24 10:09           ` Mark Wielaard
  2021-11-24 14:55             ` Frank Ch. Eigler
  0 siblings, 1 reply; 19+ messages in thread
From: Mark Wielaard @ 2021-11-24 10:09 UTC (permalink / raw)
  To: Joel Brobecker, Overseers mailing list
  Cc: Carlos O'Donell, Pedro Alves, Simon Marchi

Hi,

On Mon, 2021-11-22 at 08:03 +0400, Joel Brobecker wrote:
> I think we all agree to change the bugzilla configuration to force
> users who want to create an account to talk to someone from the
> community first.
> 
> Does anyone know how this would work? Do we redirect people to
> a mailing-list, and then those in the mailing-list create accounts
> for those new users?

Unfortunately I don't know how to set this up. But given gcc apparently
has this in place already hopefully we can borrow their setup (and
mailing-list?). Both are hosted on sourceware.

I'll try poking some gcc developers to see if someone knows how it is
setup for them and if we can share resources.

Cheers,

Mark

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-24 10:09           ` Mark Wielaard
@ 2021-11-24 14:55             ` Frank Ch. Eigler
  2021-11-24 23:40               ` Mark Wielaard
  0 siblings, 1 reply; 19+ messages in thread
From: Frank Ch. Eigler @ 2021-11-24 14:55 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Joel Brobecker, Mark Wielaard, Simon Marchi, Pedro Alves

Hi -

> > Does anyone know how this would work? Do we redirect people to
> > a mailing-list, and then those in the mailing-list create accounts
> > for those new users?
> 
> Unfortunately I don't know how to set this up.  [...]

How about let's keep simple and direct people to overseers@ for now.

- FChE

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-24 14:55             ` Frank Ch. Eigler
@ 2021-11-24 23:40               ` Mark Wielaard
  2021-11-25  0:19                 ` Frank Ch. Eigler
  0 siblings, 1 reply; 19+ messages in thread
From: Mark Wielaard @ 2021-11-24 23:40 UTC (permalink / raw)
  To: Frank Ch. Eigler
  Cc: Overseers mailing list, Joel Brobecker, Simon Marchi, Pedro Alves

Hi Frank,

On Wed, Nov 24, 2021 at 09:55:11AM -0500, Frank Ch. Eigler wrote:
> > > Does anyone know how this would work? Do we redirect people to
> > > a mailing-list, and then those in the mailing-list create accounts
> > > for those new users?
> > 
> > Unfortunately I don't know how to set this up.  [...]
> 
> How about let's keep simple and direct people to overseers@ for now.

That is fine if all volunteers are subscribed to overseers and you
aren't afraid it will overwhelm this list.  But we also need a way to
disable new user signups, make people aware they need to provide
(which?) information to the mailinglist and a way for volunteers to
take that information and create new accounts.

Cheers,

Mark


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-24 23:40               ` Mark Wielaard
@ 2021-11-25  0:19                 ` Frank Ch. Eigler
  2021-11-25 17:49                   ` Joseph Myers
  2021-11-28 17:01                   ` Mark Wielaard
  0 siblings, 2 replies; 19+ messages in thread
From: Frank Ch. Eigler @ 2021-11-25  0:19 UTC (permalink / raw)
  To: Mark Wielaard
  Cc: Overseers mailing list, Joel Brobecker, Simon Marchi, Pedro Alves

Hi -

> > How about let's keep simple and direct people to overseers@ for now.
> 
> That is fine if all volunteers are subscribed to overseers and you
> aren't afraid it will overwhelm this list.  But we also need a way to
> disable new user signups

Ummmmmmmmmmmm about that.  How is this part supposed to work on gcc's
bugzilla?  I just made myself a test user there, with no one else's
approval, and ended up with a user that could append to an existing
bug.  I think someone may have pooched the bugzilla administrative
setting "createemailregexp", setting it to ".*", at some point.
Should these be set to a magic value to actually impose restrictions?

> make people aware they need to provide (which?) information to the
> mailinglist and

That's a matter of <template/en/default/account/create.html.tmp>, which
is now updated on sourceware-bugzilla.

> a way for volunteers to take that information and create new
> accounts.

That's a matter of any bugzilla administrator reading this mailing list
and doing the deed on the administrative Users/New form:

https://sourceware.org/bugzilla/editusers.cgi?action=add

- FChE

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-25  0:19                 ` Frank Ch. Eigler
@ 2021-11-25 17:49                   ` Joseph Myers
  2021-11-25 17:54                     ` Frank Ch. Eigler
  2021-11-28 17:01                   ` Mark Wielaard
  1 sibling, 1 reply; 19+ messages in thread
From: Joseph Myers @ 2021-11-25 17:49 UTC (permalink / raw)
  To: Frank Ch. Eigler via Overseers
  Cc: Mark Wielaard, Frank Ch. Eigler, Simon Marchi, Joel Brobecker,
	Pedro Alves

On Wed, 24 Nov 2021, Frank Ch. Eigler via Overseers wrote:

> Hi -
> 
> > > How about let's keep simple and direct people to overseers@ for now.
> > 
> > That is fine if all volunteers are subscribed to overseers and you
> > aren't afraid it will overwhelm this list.  But we also need a way to
> > disable new user signups
> 
> Ummmmmmmmmmmm about that.  How is this part supposed to work on gcc's
> bugzilla?  I just made myself a test user there, with no one else's
> approval, and ended up with a user that could append to an existing
> bug.  I think someone may have pooched the bugzilla administrative
> setting "createemailregexp", setting it to ".*", at some point.
> Should these be set to a magic value to actually impose restrictions?

See extensions/GCC/lib/Constants.pm, BLACKLISTED_DOMAINS.  The idea is 
that users of a range of typically free webmail domains have to go through 
the manual account creation process, while users with other domains 
(personal, corporate, academic, etc.) can typically create their own 
accounts without needing manual approval.  Note that the message in 
template/en/default/account/create.html.tmpl about account creation 
failure (customized for GCC) says "If creating an account fails" - whether 
it fails depends on the domain (and 
template/en/default/global/user-error.html.tmpl has the message given if 
an attempt to create an account fails, again customized for GCC).

-- 
Joseph S. Myers
joseph@codesourcery.com

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-25 17:49                   ` Joseph Myers
@ 2021-11-25 17:54                     ` Frank Ch. Eigler
  2021-11-25 17:59                       ` Joseph Myers
  0 siblings, 1 reply; 19+ messages in thread
From: Frank Ch. Eigler @ 2021-11-25 17:54 UTC (permalink / raw)
  To: Joseph Myers
  Cc: Frank Ch. Eigler via Overseers, Mark Wielaard, Simon Marchi,
	Joel Brobecker, Pedro Alves

Hi -

On Thu, Nov 25, 2021 at 05:49:39PM +0000, Joseph Myers wrote:
> [...]
> > Ummmmmmmmmmmm about that.  How is this part supposed to work on gcc's
> > bugzilla?  I just made myself a test user there, with no one else's
> > approval [...]
> 
> See extensions/GCC/lib/Constants.pm, BLACKLISTED_DOMAINS.  The idea is 
> that users of a range of typically free webmail domains have to go through 
> the manual account creation process, while users with other domains 
> (personal, corporate, academic, etc.) can typically create their own 
> accounts without needing manual approval.  [...]

Ah.  My vanity domain must not be blacklisted, whew.  After that
email, earlier today, I "fixed" gcc bugzilla to direct all account
requests through to the gcc bugzilla-account-requester list.  Would
you like this set back, or shall we try the new non-discriminating
"everyone gets to ask" format for a while?

- FChE

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-25 17:54                     ` Frank Ch. Eigler
@ 2021-11-25 17:59                       ` Joseph Myers
  0 siblings, 0 replies; 19+ messages in thread
From: Joseph Myers @ 2021-11-25 17:59 UTC (permalink / raw)
  To: Frank Ch. Eigler via Overseers
  Cc: Frank Ch. Eigler, Joel Brobecker, Mark Wielaard, Simon Marchi,
	Pedro Alves

On Thu, 25 Nov 2021, Frank Ch. Eigler via Overseers wrote:

> Hi -
> 
> On Thu, Nov 25, 2021 at 05:49:39PM +0000, Joseph Myers wrote:
> > [...]
> > > Ummmmmmmmmmmm about that.  How is this part supposed to work on gcc's
> > > bugzilla?  I just made myself a test user there, with no one else's
> > > approval [...]
> > 
> > See extensions/GCC/lib/Constants.pm, BLACKLISTED_DOMAINS.  The idea is 
> > that users of a range of typically free webmail domains have to go through 
> > the manual account creation process, while users with other domains 
> > (personal, corporate, academic, etc.) can typically create their own 
> > accounts without needing manual approval.  [...]
> 
> Ah.  My vanity domain must not be blacklisted, whew.  After that
> email, earlier today, I "fixed" gcc bugzilla to direct all account
> requests through to the gcc bugzilla-account-requester list.  Would
> you like this set back, or shall we try the new non-discriminating
> "everyone gets to ask" format for a while?

I think it should be set back so account requests are only needed for 
blacklisted domains such as gmail.com.

-- 
Joseph S. Myers
joseph@codesourcery.com

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-25  0:19                 ` Frank Ch. Eigler
  2021-11-25 17:49                   ` Joseph Myers
@ 2021-11-28 17:01                   ` Mark Wielaard
  2021-11-28 17:35                     ` Frank Ch. Eigler
  1 sibling, 1 reply; 19+ messages in thread
From: Mark Wielaard @ 2021-11-28 17:01 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Frank Ch. Eigler, Simon Marchi, Joel Brobecker, Pedro Alves

Hi Frank,

On Wed, Nov 24, 2021 at 07:19:25PM -0500, Frank Ch. Eigler via Overseers wrote:
> > > How about let's keep simple and direct people to overseers@ for now.
> > 
> > That is fine if all volunteers are subscribed to overseers and you
> > aren't afraid it will overwhelm this list.  But we also need a way to
> > disable new user signups
> 
> Ummmmmmmmmmmm about that.  How is this part supposed to work on gcc's
> bugzilla?  I just made myself a test user there, with no one else's
> approval, and ended up with a user that could append to an existing
> bug.  I think someone may have pooched the bugzilla administrative
> setting "createemailregexp", setting it to ".*", at some point.
> Should these be set to a magic value to actually impose restrictions?

So how does this work now?  As far as I can see the createemailregexp
for gcc is ".*" but for sourceware it is "^$".  So gcc allows
everything, but filters (how?) on the email domain? Would it make
sense to use the same settings for both?

> > make people aware they need to provide (which?) information to the
> > mailinglist and
> 
> That's a matter of <template/en/default/account/create.html.tmp>, which
> is now updated on sourceware-bugzilla.

I would like to update the text so that it asks people to mention the
project they want to report a bug for. So that it is more clear
whether the request is for gcc or a sourceware project. But I don't
really understand how the templates are updated/generated.

> > a way for volunteers to take that information and create new
> > accounts.
> 
> That's a matter of any bugzilla administrator reading this mailing list
> and doing the deed on the administrative Users/New form:
> 
> https://sourceware.org/bugzilla/editusers.cgi?action=add

I find this hard to use. It seems to demand a password and 'Notify
User' isn't enabled by default (should it?). Do people need edituser
permisssion to use this form (who has this and could we maybe make it
so that anybody with editbugs permissions can bless new users?)?

GCC seemed to have a specialized form (although I cannot find it now)
that had more defaults setup correctly. It seems to be defined in
gcc-bugzilla/data/template/extensions/GCC/template/en/default/pages/gcc/addusers.html.tmpl
but I don't know how it is being used.

Cheers,

Mark


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-28 17:01                   ` Mark Wielaard
@ 2021-11-28 17:35                     ` Frank Ch. Eigler
  2021-11-28 18:07                       ` Mark Wielaard
  0 siblings, 1 reply; 19+ messages in thread
From: Frank Ch. Eigler @ 2021-11-28 17:35 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Mark Wielaard, Pedro Alves, Joel Brobecker, Simon Marchi

Hi -

> So how does this work now?  As far as I can see the createemailregexp
> for gcc is ".*" but for sourceware it is "^$".  So gcc allows
> everything, but filters (how?) on the email domain? Would it make
> sense to use the same settings for both?

The GCC side of sourceware uses a domain list to further filter
the .*-accepted ones.  The sourceware side just blocks them all at
the regex level.


> > That's a matter of <template/en/default/account/create.html.tmp>, which
> > is now updated on sourceware-bugzilla.
> 
> I would like to update the text so that it asks people to mention the
> project they want to report a bug for. So that it is more clear
> whether the request is for gcc or a sourceware project. But I don't
> really understand how the templates are updated/generated.

The file name I posted is for the template input: just modify it and
bob is your uncle.  OTOH, only the sourceware bugzilla points people
to overseers@, so it's unambiguous.


> > https://sourceware.org/bugzilla/editusers.cgi?action=add
> 
> I find this hard to use. It seems to demand a password and 'Notify
> User' isn't enabled by default (should it?). Do people need edituser
> permisssion to use this form (who has this and could we maybe make it
> so that anybody with editbugs permissions can bless new users?)?

I don't know.  The people with editusers should be about the same
people as those with editbugs, i.e., bugzilla administrators.  The
higher, the fewer.  The few, the proud.

- FChE


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-28 17:35                     ` Frank Ch. Eigler
@ 2021-11-28 18:07                       ` Mark Wielaard
  2021-11-29 17:12                         ` Joseph Myers
  0 siblings, 1 reply; 19+ messages in thread
From: Mark Wielaard @ 2021-11-28 18:07 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Frank Ch. Eigler, Simon Marchi, Joel Brobecker, Pedro Alves

Hi,

On Sun, Nov 28, 2021 at 12:35:51PM -0500, Frank Ch. Eigler via Overseers wrote:
> > > That's a matter of <template/en/default/account/create.html.tmp>, which
> > > is now updated on sourceware-bugzilla.
> > 
> > I would like to update the text so that it asks people to mention the
> > project they want to report a bug for. So that it is more clear
> > whether the request is for gcc or a sourceware project. But I don't
> > really understand how the templates are updated/generated.
> 
> The file name I posted is for the template input: just modify it and
> bob is your uncle.

Updated.

> > I find this hard to use. It seems to demand a password and 'Notify
> > User' isn't enabled by default (should it?). Do people need edituser
> > permisssion to use this form (who has this and could we maybe make it
> > so that anybody with editbugs permissions can bless new users?)?
> 
> I don't know.  The people with editusers should be about the same
> people as those with editbugs, i.e., bugzilla administrators.  The
> higher, the fewer.  The few, the proud.

It seems only "admins" can use the form. A user with just editbugs
cannot and gets a permission denied: "Sorry, you aren't a member of
the 'editusers' group, and you don't have permissions to add or remove
people from a group, and so you are not authorized to add, modify or
delete users."

Can we somehow make it so that we have a special user creation page so
that also normal editbugs people can add new users? Is there someone
we can ask how this works on the gcc side?

Cheers,

Mark


^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-28 18:07                       ` Mark Wielaard
@ 2021-11-29 17:12                         ` Joseph Myers
  2021-12-17  2:50                           ` Joel Brobecker
  0 siblings, 1 reply; 19+ messages in thread
From: Joseph Myers @ 2021-11-29 17:12 UTC (permalink / raw)
  To: Mark Wielaard via Overseers
  Cc: Mark Wielaard, Joel Brobecker, Simon Marchi, Pedro Alves

On Sun, 28 Nov 2021, Mark Wielaard via Overseers wrote:

> It seems only "admins" can use the form. A user with just editbugs
> cannot and gets a permission denied: "Sorry, you aren't a member of
> the 'editusers' group, and you don't have permissions to add or remove
> people from a group, and so you are not authorized to add, modify or
> delete users."
> 
> Can we somehow make it so that we have a special user creation page so
> that also normal editbugs people can add new users? Is there someone
> we can ask how this works on the gcc side?

I think it's part of the GCC extension to Bugzilla (an addusers 
permission, since editusers is extremely powerful, effectively full admin 
rights).

https://sourceware.org/pipermail/overseers/2017q4/016024.html

-- 
Joseph S. Myers
joseph@codesourcery.com

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-11-29 17:12                         ` Joseph Myers
@ 2021-12-17  2:50                           ` Joel Brobecker
  2021-12-17 17:19                             ` Frank Ch. Eigler
  0 siblings, 1 reply; 19+ messages in thread
From: Joel Brobecker @ 2021-12-17  2:50 UTC (permalink / raw)
  To: Joseph Myers
  Cc: Mark Wielaard via Overseers, Mark Wielaard, Joel Brobecker,
	Simon Marchi, Pedro Alves

Hi everyone,

I just realized that I hadn't received any spam from bugzilla, recently.
And I saw that, indeed, the account creation is now going through
overseers. I wanted to thank you all for making that happen.

Thanks again,
-- 
Joel

^ permalink raw reply	[flat|nested] 19+ messages in thread

* Re: getting spammed on bugzilla
  2021-12-17  2:50                           ` Joel Brobecker
@ 2021-12-17 17:19                             ` Frank Ch. Eigler
  0 siblings, 0 replies; 19+ messages in thread
From: Frank Ch. Eigler @ 2021-12-17 17:19 UTC (permalink / raw)
  To: Overseers mailing list
  Cc: Joseph Myers, Joel Brobecker, Simon Marchi, Mark Wielaard, Pedro Alves

Hi -

> I just realized that I hadn't received any spam from bugzilla, recently.
> And I saw that, indeed, the account creation is now going through
> overseers. I wanted to thank you all for making that happen.

Hey no problem, and thanks Mark for handling 95% of the requests so far.

- FChE


^ permalink raw reply	[flat|nested] 19+ messages in thread

end of thread, other threads:[~2021-12-17 17:19 UTC | newest]

Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-11  3:29 getting spammed on bugzilla Joel Brobecker
2021-11-11  3:47 ` Andrew Pinski
2021-11-12  4:40   ` Joel Brobecker
2021-11-12  8:55     ` Mark Wielaard
2021-11-12 13:26       ` Carlos O'Donell
2021-11-22  4:03         ` Joel Brobecker
2021-11-24 10:09           ` Mark Wielaard
2021-11-24 14:55             ` Frank Ch. Eigler
2021-11-24 23:40               ` Mark Wielaard
2021-11-25  0:19                 ` Frank Ch. Eigler
2021-11-25 17:49                   ` Joseph Myers
2021-11-25 17:54                     ` Frank Ch. Eigler
2021-11-25 17:59                       ` Joseph Myers
2021-11-28 17:01                   ` Mark Wielaard
2021-11-28 17:35                     ` Frank Ch. Eigler
2021-11-28 18:07                       ` Mark Wielaard
2021-11-29 17:12                         ` Joseph Myers
2021-12-17  2:50                           ` Joel Brobecker
2021-12-17 17:19                             ` Frank Ch. Eigler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).