On Sat, Dec 2, 2017 at 10:34 PM, Stefan <luke1410_at_posteo.de> wrote:
> On 02/12/2017 19:55, Johan Corveleyn wrote:
>> On Fri, Nov 24, 2017 at 12:20 PM, Johan Corveleyn <jcorvel_at_gmail.com> wrote:
>>> * Make it possible to set up pages that anyone can edit, after
>>> creating an account without interaction with some administrator /
>>> moderator (in moinmoin, a new account needs to be activated by someone
>>> with admin privileges -- too much friction).
>>> - example that triggered this: let's keep a list of distributors /
>>> packagers, and a list of tool vendors / integrators -- would be nice
>>> if people could add themselves to such a page. Apart from that we want
>>> more people to contribute to all kinds of docs / design / discussion.
>> After chatting on #asfinfra (hipchat) with the experts, it seems the
>> above is not an option. The "self-signup" is not well protected (no
>> captcha), so creating pages with liberal permissions (anyone with an
>> account can edit) is a recipe for spam. Maybe we can come up with a
>> simple, pleasant workflow for new people to get added to an
>> editor-group on demand, but that's about it.
> Maybe this is an argument for prioritizing something on my side which
> atm is WiP. It could help with the situation if it's interesting for
> INFRA, but it won't be ready within the next couple of weeks (i.e.
> thinking a time frame around the first half next year). Sry, can't say
> more publicly about this just yet, but it might be exactly the thing
> which could allow INFRA to reconsider their decision on the self-signup
Cool. Looking forward to it :-).
Just to clarify: infra doesn't restrict self-signup (they'd like to
have a good captcha system, but apparently the one from Atlassian
doesn't work well), but they do advise strongly against setting
permissions on pages that allow editing by any authenticated user.
Apparently that ends up with spam sooner or later.
Received on 2017-12-03 01:47:13 CET