14:58 <Porkepix> Hi! I've got a little question regarding freedesktop's gitlab. I wanted to signup to follow some issues and report some others, and as usual for a couple of reasons I prefer a direct signup rather than relying on third-party OAuth. However, I can't use the normal signup considering it forces the use of Google's reCAPTCHA. This is problematic for people trying to avoid it, and

14:58 <Porkepix> also requires user's consent as requested by the GDPR. Is there something planed to handle such cases?

17:26 <eric_engestrom> Porkepix: third-party auths are exactly the solution to that problem :)

17:28 <Porkepix> eric_engestrom: Excepted I tend to avoid them. I don't like the idea to depends on such third parties to participate in FLOSS. On top of that, most of them either have the same issue either are a no-go.

17:32 <eric_engestrom> well, until all spammers in the world decide to stop, we can't _not_ protect ourselves 🤷

17:32 <eric_engestrom> I understand the solutions are not liked by everyone, but they're are necessary

17:34 <eric_engestrom> if you know of another solution, you should suggest it to gitlab and/or propose an implementation; we don't carry custom patches so if you want something else you need to get upstream gitlab to support it

17:36 <Porkepix> eric_engestrom: And they're not efficient. I run a gitlab for an organization, and also had the occasion to talk with the admins of some of other FLOSS projects (VLC, gajim), they suffered from the same spammers abusing the public snippets (I wish this feature could be disabled…), whether recaptcha was enabled or not, because it was manual spammers

17:38 <eric_engestrom> (also, I mentioned spammers but depending on whether you care more about wasting contributor's time or money, those cryptocurrency psychopaths might be a bigger issue since they try to burn our financial resources (and literally burn the planet), whereas spammers "only" waste everyone's time)

17:39 <Porkepix> eric_engestrom: The issue is opened at gitlab for years, and it doesn't looks like they're doing any move regarding this. And aside from personal preferences, captcha services that do not only protect but also gather data, such as recaptcha, are falling under consentement needs regarding GDPR, it was confirmed a couple of months ago by a national data protection authority

17:40 <Porkepix> eric_engestrom: When you talk about cryptocurrencies, is it because CI is kinda on open use and they abuse it to mine their crap?

17:41 <eric_engestrom> I/we know all that, but like I said until either all these attackers stop, or another protection is invented, there's nothing we can do

17:41 <eric_engestrom> yeah, exactly

17:41 <eric_engestrom> (about the CI)

17:42 <Porkepix> So, no ways to contribute for people caring about their privacy…

17:43 <emersion> yeah, i'm unhappy with the captcha as well

17:43 <eric_engestrom> like everything else, it's all about trade-offs: either you allow anything and you get attacked and you die (as a project/organisation), or you put restrictions and some legit people get turned away as well

17:44 <Porkepix> Got the same issue with Gnome. The admins had to create an account manually for me. And even like that I'm constantly being anoyed by the anti-spam thing triggered by whoever knows what (like a link to their own wiki) forbidding me to post (I block recaptcha) or blocking edits and so on.

17:44 <Porkepix> On that side, this is a big regression compared to bugzilla

17:44 <eric_engestrom> personally I don't like (re-)captcha as well, but... * /me repeats how it's necessary *

17:47 <Porkepix> eric_engestrom: Well, not rezlly and alternatives exists, but on that side it completely depends on the good-will of gitlab to provide alternatives. Currently it's aonly possible to toggle off recaptcha and that's all. Also, aside from the cryptocurrencies guys (I didn't encounter the problem), they also don't want to allow disabling features. Many people asked for it because the

17:47 <Porkepix> gitlab I'm admin on, as well as VLC, gajim and many others were abused on the public snippets feature, because these snippets are indexed by search engines; 99% of the abuses were there and their usage was pretty much only abuse, so people would have been happy to disable this.

17:47 <Porkepix> really*

17:50 <eric_engestrom> IIRC we talked about this a while back and came to the same conclusion: disabling snippets wouldn't be much of a loss and would help a lot with the spam

17:51 <Porkepix> Yup, I would have done it if we could

17:52 <Porkepix> https://gitlab.com/gitlab-org/gitlab-foss/-/issues/65355

17:58 <eric_engestrom> have a good weekend everyone 👋

18:36 <Porkepix> Have a nice weekend. I hope there will soon have a solution; I'll try to ask people on IRC if the issue can be reported by other means and I guess bookmark issues