Consider abuse #59

Open
daniel-beck opened this issue Jul 25, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

daniel-beck commented Jul 25, 2022

What feature do you want to see added?

The design of this bot needs to consider what happens in the case of abuse. It doesn't look like that's been done.

  • Some rando shows up and runs all the bot commands just to see what happens.
  • A jenkinsci org member (asked nicely for org membership but otherwise some rando) shows up and runs all the bot commands just to see what happens.

It's not like we've never been subject to this before, see e.g. nonsensical votes in changelog weather feedback, spam on the wiki and in Jira.

Some suggestions:

  • Rate limiting
  • Safer defaults than "the entire internet can do everything except close PRs"
  • Audit logging, notifications sent to a channel (e.g. #jenkins-infra on IRC)
  • Easy way to batch-undo actions by certain users

Upstream changes

No response

@daniel-beck daniel-beck added the enhancement New feature or request label Jul 25, 2022
timja (Owner) commented Jul 25, 2022

Audit logging

Audit logging is done currently by logging all actions and includes the GitHub username. It should be enhanced by adding the timestamp.

This was referenced Aug 8, 2022