On 10.05.2021 at 15:39, Andreas Heigl wrote: > Hey All > > Am 10.05.21 um 14:44 schrieb Alexander Kurilo via internals: >> On 09/05/2021 09:48, Joe Watkins wrote: >>> Morning internals, >>> >>> We have a spam problem on bugsnet, it's not a new problem. Nikita had to >>> waste time deleting 20 odd messages from bugsnet yesterday and this is a >>> common, daily occurrence. We clearly don't have time for this. >>> >>> Quite aside from spam problems, bugsnet is hidden away in a dark >>> corner of >>> the internet that requires a special login, doesn't integrate with source >>> code or our current workflow (very nicely), and doesn't get updated or >>> developed. >> >> >> So, there are 2 distinct issues: spam from bugsnet (this one can be >> mitigated by replacing current "solve a problem" challenge by something >> more sophisticated) and the bugsnet itself being a burden (which can't >> be solved quickly). >> >> Let's separate the two: this way we can have kill the spam in the short >> term and get enough time to shape out the migration plan if there's a >> consensus on the matter. >> >> What about integrating [recaptcha][1] for now? Integration is rather >> simple but there are other concerns, e.g. a third-party JS code on the >> page that accepts security issues. > > If so, can we please use something else? Implementing a Honeypot or a > simple math-captcha isn't that complicated (and I assume that a person > that can provide a decent bug description can also solve a riddle like > "Enter the result of 7 plus 2")
We already have a simple math CAPTCHA; it doesn't work, though, if users switch browser tabs. Anyhow, I don't think that a CAPTCHA would be really helpful; we need some real user authentication; this way we could also block unwanted users. -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
