Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:114341
Return-Path: <cmbecker69@gmx.de>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 97088 invoked from network); 10 May 2021 14:05:26 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 May 2021 14:05:26 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 86F36180508
	for <internals@lists.php.net>; Mon, 10 May 2021 07:12:58 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,NICE_REPLY_A,
	RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <cmbecker69@gmx.de>
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 10 May 2021 07:12:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
	s=badeba3b8450; t=1620655976;
	bh=T8zPkxn42+Sh/zH3Vl8BZ/PhEJKxekIW2+o9esC8wgg=;
	h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To;
	b=fDKJeuagDBDgeWQjnf+5on4eLLrw37SFzOC62qLOT8EGMhoLaM9qgHo6EZg1uhBcK
	 9W0zRvNHnc05BoMDa4TCppcet0OZ2h0YxlcUI2UXzqC9phidBccyuk+uMZ45zR7buc
	 4DLuzFtGxPLAEZZDJkPqzyIjXhF5b6UI2qjSjx0w=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.2.130] ([84.179.251.96]) by mail.gmx.net (mrgmx105
 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MtOKc-1lO9IM08qM-00uuep; Mon, 10
 May 2021 16:12:56 +0200
To: Andreas Heigl <andreas@heigl.org>, internals@lists.php.net
References: <CAOwTYAtOti3+Tv9Cu5fK6bQ3tjAibRHUWOctnQFfGJyaoQYExw@mail.gmail.com>
 <bbbfa159-405e-2325-f526-c0f30d077da5@kurilo.me>
 <addf0977-c650-69a2-a5cb-2956542fc909@heigl.org>
Message-ID: <ba03f86d-7133-8069-c4a4-25410936442b@gmx.de>
Date: Mon, 10 May 2021 16:12:55 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <addf0977-c650-69a2-a5cb-2956542fc909@heigl.org>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:H4Cm5sAna5jWJzzTt1yPvuKyEKvQybRvY4BRcx0Yh+QCFhuWpeH
 H1hJkN6LsEvQPorFJpmZS2hMEWgSVMM1jFpFeFekfoVYMZTPLVB9or44o6dRrR3UAKqI6Fz
 ej/8SgEAWPpR5Pq81vUaHKwuboNbzo8rUzEkpNy+1TAa1YN1R7xhj6wZeftVmXlRq+4aQDq
 Bq0TFZNS6FO4rSjyvpDdA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:dDhXAMBSu3M=:Ce2JCLu1qkkxNRTQNntrpQ
 pRuKkrgt/VvoExoUVvVJdg4No79OXTYIeFpP/DrXeg29slb8qzBn7raR8ESxGtdCp2hlCWU+u
 KzsIAMb51dUajIor7nosXbr/X7q2L61PR9pNnp0jb4H13SI6dat+buuv4cL2VbsU6NzGU2Aw9
 AzieQZk9xPm9RzqCQhXaCN2n9FjJZWJdFswr8B/8CsxqlJ2gxyk4GyjbQ//PiLDVQwCDZxL4H
 CcX4p+Ma3ks/nPuz0X8zCkhgsb7Rkr+/t3SEhmAom866KFSlvu1bn6t+085Twsx/clqPmAQgx
 YHsNCIUtBMysLM9ExmGwGxQxZh5T/cc03UBm1lQiObZY2bdeS5pGXc0QJAbOjQ75HfAyt1vFU
 EvPByMwoGgwWQlxHRJ47VtX2Uj0WknlSnte1rpWd1s7rS1vah8FMMsUasNuEYAbRnWmhMG1vB
 1fNC7XQaI8SgtH/Yb+A86HKDvkBDiydCUrBiK4ayo/eisP+XlakFWuCpumK5YoYO42CjOufwM
 Hhbvb9mgGGy358+cAk9zI7rr0GCaA2jRAVg2GHve9ZqmhGO5rdPSlTx49eaXgXogEP+sbdWNf
 0pTI8X+dleD+7w0tOasdiyi6hkLVaitlf+S0iFZeYaSZRCvfoOrOjvXgb9iZGX1A4V6nblauS
 RXisWO2S+lvWZioI4v/wNxPksKXdXftgJR3cNwOvm/oZpIBfIV3ixUhUISuhzcfUEAPv0X68O
 7mX1lB8VUuqlO56L64yHIR6rCqeA1cQn3P4dpYSAPl4Ym5TBFQQ9GHzg+p49zXvik/Qhrteg1
 OQEzZWLRBHVvwjwMle7kFKG+o6fdzqjQF8GrITBOD78ZR81KQBHLokKLCJx00auzuXVUzL/9C
 GtJVKmXBIPb5xOfkiINTonRTWG7JNsCxjFhWd06S3oFAQLaWbDJLBSaPrWR9dce3ceW29arHr
 /Ritkdt/zbL9sqvoXRQF/Muu73zFNK4k9bf1gOjCu6+yeZX+wPdRW/BaXp3OrePyPIU1Mfh0o
 INnmUspw8IlLJ8yvI70ocfVKmrjknA+waZEd7uREZNmjfIyPx0VcrHXVWioUqu0gacqO+lolW
 wqfESRIvHvXnq9sNvZ+dJ7FquMRlZAgCiKJzoluSaRS4w9u+PnE5fIxxJ4KFDV9d9ADzIuYq1
 /VVEoKVWhx2XaRRm1QuH+LgWaZH6UdKJEknDpM/rFsqDZ7lqtptq48H27+mdJ/LLrfW1Q=
Subject: Re: [PHP-DEV] Bugsnet
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 10.05.2021 at 15:39, Andreas Heigl wrote:
> Hey All
>
> Am 10.05.21 um 14:44 schrieb Alexander Kurilo via internals:
>> On 09/05/2021 09:48, Joe Watkins wrote:
>>> Morning internals,
>>>
>>> We have a spam problem on bugsnet, it's not a new problem. Nikita had =
to
>>> waste time deleting 20 odd messages from bugsnet yesterday and this is=
 a
>>> common, daily occurrence. We clearly don't have time for this.
>>>
>>> Quite aside from spam problems, bugsnet is hidden away in a dark
>>> corner of
>>> the internet that requires a special login, doesn't integrate with sou=
rce
>>> code or our current workflow (very nicely), and doesn't get updated or
>>> developed.
>>
>>
>> So, there are 2 distinct issues: spam from bugsnet (this one can be
>> mitigated by replacing current "solve a problem" challenge by something
>> more sophisticated) and the bugsnet itself being a burden (which can't
>> be solved quickly).
>>
>> Let's separate the two: this way we can have kill the spam in the short
>> term and get enough time to shape out the migration plan if there's a
>> consensus on the matter.
>>
>> What about integrating [recaptcha][1] for now? Integration is rather
>> simple but there are other concerns, e.g. a third-party JS code on the
>> page that accepts security issues.
>
> If so, can we please use something else? Implementing a Honeypot or a
> simple math-captcha isn't that complicated (and I assume that a person
> that can provide a decent bug description can also solve a riddle like
> "Enter the result of 7 plus 2")

We already have a simple math CAPTCHA; it doesn't work, though, if users
switch browser tabs.  Anyhow, I don't think that a CAPTCHA would be
really helpful; we need some real user authentication; this way we could
also block unwanted users.

=2D-
Christoph M. Becker