This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug web/72856] Trottle bug creation for newly created accounts (to limit spam)
- From: "LpSolit at netscape dot net" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Wed, 10 Aug 2016 12:32:54 +0000
- Subject: [Bug web/72856] Trottle bug creation for newly created accounts (to limit spam)
- Auto-submitted: auto-generated
- References: <bug-72856-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72856
--- Comment #5 from Frédéric Buclin <LpSolit at netscape dot net> ---
(In reply to Gerald Pfeifer from comment #2)
> As for rate throttling, how about only allowing for a single bug
> report per day until a bug report has been "processed"
Isn't one bug per day a bit rude for legit users? I would be tempted to say
that above 2 or 3 new bug reports, it's reasonable to question if the user is
trying to spam Bugzilla or not. This is why I made the proposal in comment 0 to
use something exponential. This would give us something like:
3**n-1 5**n
====== ====
T0 : account created T0 : account created
T0 : 1st bug created T0+1min : 1st bug created
T0+2min : 2nd bug created T0+6min : 2nd bug created
T0+10min: 3rd bug created T0+31min: 3rd bug created
T0+36min: 4th bug created T0+2.5h : 4th bug created
T0+2h : 5th bug created T0+13h : 5th bug created
T0+6h : 6th bug created T0+65h : 6th bug created
T0+18h : 7th bug created etc...
T0+55h : 8th bug created
etc...
So a spammer could file at most 6-8 bugs in a week, but a legit user could
still easily file his first 2-3 bugs in a half hour. Of course, this rate limit
would only apply to users without editbugs privileges, so e.g. @gcc.gnu.org
accounts would not be affected.