Thread: Spam on the wiki
Hi,
On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
> Hi,
>
> There's something wrong over here: https://wiki.postgresql.org/wiki/
> Talk:What's_new_in_PostgreSQL_9.1/fr
>
> And to many more pages. See: https://wiki.postgresql.org/index.php?title=
> Special%3ALog&type=&user=Singhuma893
>
> Not sure what's the best way to deal with this, but wanted you guys to know
> about it.

Yes, I am trying to fix it but the spam users are creating new pages
faster than I can fix it. I am concerned we are going to need to revert
the entire wiki to an earlier state.

I see problem users Johnthe and Sanjaypatel but the fixes are getting
re-spammed so quickly I am afraid it is some automated attack that will
be difficult to clean up. The other problem is that they are _moving_
pages, meaning we have to move them back as well as undo the edits.

I am going to give up trying to undo this until we can get a better
handle on a process of cleanup.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
2015-12-16 18:02 GMT+01:00 Bruce Momjian <bruce@momjian.us>:
> On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
> > Hi,
> >
> > There's something wrong over here: https://wiki.postgresql.org/wiki/
> > Talk:What's_new_in_PostgreSQL_9.1/fr
> >
> > And to many more pages. See: https://wiki.postgresql.org/index.php?title=
> > Special%3ALog&type=&user=Singhuma893
> >
> > Not sure what's the best way to deal with this, but wanted you guys to know
> > about it.
>
> Yes, I am trying to fix it but the spam users are creating new pages
> faster than I can fix it. I am concerned we are going to need to revert
> the entire wiki to an earlier state.
>
> I see problem users Johnthe and Sanjaypatel but the fixes are getting
> re-spammed so quickly I am afraid it is some automated attack that will
> be difficult to clean up. The other problem is that they are _moving_
> pages, meaning we have to move them back as well as undo the edits.
>
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.

Maybe there's a way to put the wiki in a read-only mode for everyone except some of us. That would help stop them while we fix it. But I don't know if such a mode exists.
On Wed, Dec 16, 2015 at 06:06:52PM +0100, Guillaume Lelarge wrote:
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.
>
> Maybe there's a way to put the wiki in a read-only mode for everyone except some
> of us. That would help stop them while we fix it. But I don't know if such
> a mode exists.

Agreed. I cleaned up the page
https://wiki.postgresql.org/wiki/Parallel_Query_Execution and renamed it
back to its original name, but within two minutes it was spammed again.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
Looking at the Wiki's change log, it appears to be logging about 10
changes per second.

Kevin Grittner

On Wed, Dec 16, 2015 at 11:08 AM, Bruce Momjian <bruce@momjian.us> wrote:
> On Wed, Dec 16, 2015 at 06:06:52PM +0100, Guillaume Lelarge wrote:
>> I am going to give up trying to undo this until we can get a better
>> handle on a process of cleanup.
>>
>> Maybe there's a way to put the wiki in a read-only mode for everyone except some
>> of us. That would help stop them while we fix it. But I don't know if such
>> a mode exists.
>
> Agreed. I cleaned up the page
> https://wiki.postgresql.org/wiki/Parallel_Query_Execution and renamed it
> back to its original name, but within two minutes it was spammed again.
>
> --
> Bruce Momjian <bruce@momjian.us> http://momjian.us
> EnterpriseDB http://enterprisedb.com
>
> + As you are, so once was I. As I am, so you will be. +
> + Roman grave inscription +
>
> --
> Sent via pgsql-www mailing list (pgsql-www@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-www

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Wed, Dec 16, 2015 at 11:09:38AM -0600, Kevin Grittner wrote:
> Looking at the Wiki's change log, it appears to be logging about 10
> changes per second.

Yikes!

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
On Wed, Dec 16, 2015 at 11:09 AM, Kevin Grittner <kgrittn@gmail.com> wrote:
> Looking at the Wiki's change log, it appears to be logging about 10
> changes per second.

Sorry, 10 changes per minute.

Still...

Kevin Grittner
2015-12-16 18:11 GMT+01:00 Kevin Grittner <kgrittn@gmail.com>:
> On Wed, Dec 16, 2015 at 11:09 AM, Kevin Grittner <kgrittn@gmail.com> wrote:
> > Looking at the Wiki's change log, it appears to be logging about 10
> > changes per second.
>
> Sorry, 10 changes per minute.
>
> Still...

Still worse than our fix time :-/
On Wed, Dec 16, 2015 at 5:02 PM, Bruce Momjian <bruce@momjian.us> wrote:
> On Wed, Dec 16, 2015 at 05:32:19PM +0100, Guillaume Lelarge wrote:
>> Hi,
>>
>> There's something wrong over here: https://wiki.postgresql.org/wiki/
>> Talk:What's_new_in_PostgreSQL_9.1/fr
>>
>> And to many more pages. See: https://wiki.postgresql.org/index.php?title=
>> Special%3ALog&type=&user=Singhuma893
>>
>> Not sure what's the best way to deal with this, but wanted you guys to know
>> about it.
>
> Yes, I am trying to fix it but the spam users are creating new pages
> faster than I can fix it. I am concerned we are going to need to revert
> the entire wiki to an earlier state.
>
> I see problem users Johnthe and Sanjaypatel but the fixes are getting
> re-spammed so quickly I am afraid it is some automated attack that will
> be difficult to clean up. The other problem is that they are _moving_
> pages, meaning we have to move them back as well as undo the edits.
>
> I am going to give up trying to undo this until we can get a better
> handle on a process of cleanup.

I've blocked those two users, and it looks like Alvaro has done a few more.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage@pgadmin.org> wrote:
> I've blocked those two users, and it looks like Alvaro has done
> a few more.

There seem to be a lot of user IDs involved. Do we know whether
there are new user registrations happening, or were all these set
up before the attack?

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Wed, Dec 16, 2015 at 6:19 PM, Kevin Grittner <kgrittn@gmail.com> wrote:
> On Wed, Dec 16, 2015 at 11:16 AM, Dave Page <dpage@pgadmin.org> wrote:
> > I've blocked those two users, and it looks like Alvaro has done
> > a few more.
>
> There seem to be a lot of user IDs involved. Do we know whether
> there are new user registrations happening, or were all these set
> up before the attack?

There are new user registrations happening. Not sure if those are the ones used, but there definitely are.

Either they've found a way to script-generate gmail addresses, or they have found a way to break the django hashes.
On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
> Either they've found a way to script-generate gmail addresses, or they have
> found a way to break the django hashes.

Or they just hired somebody to do that kind of thing manually. There's
sites for that...
On 12/16/2015 09:22 AM, Andres Freund wrote:
> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>> Either they've found a way to script-generate gmail addresses, or they have
>> found a way to break the django hashes.
>
> Or they just hired somebody to do that kind of thing manually. There's
> sites for that...

In the interim, let's just disable edits.

--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.
On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
> On 12/16/2015 09:22 AM, Andres Freund wrote:
> > On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
> > > Either they've found a way to script-generate gmail addresses, or they have
> > > found a way to break the django hashes.
> >
> > Or they just hired somebody to do that kind of thing manually. There's
> > sites for that...
>
> In the interim, let's just disable edits.

New account signups have been temporarily disabled at least. But yes, they still have all those accounts against the wiki as well.
On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
>
> On 12/16/2015 09:22 AM, Andres Freund wrote:
>
> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>
> Either they've found a way to script-generate gmail addresses, or
> they have
> found a way to break the django hashes.
>
> Or they just hired somebody to do that kind of thing manually. There's
> sites for that...
>
> In the interim, let's just disable edits.
>
> New account signups have been temporarily disabled at least. But yes, they
> still have all those accounts against the wiki as well.

What is the plan for undoing the spam edits?

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
On 12/16/2015 06:29 PM, Bruce Momjian wrote:
> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
>>
>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>
>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>
>> Either they've found a way to script-generate gmail addresses, or
>> they have
>> found a way to break the django hashes.
>>
>> Or they just hired somebody to do that kind of thing manually. There's
>> sites for that...
>>
>> In the interim, let's just disable edits.
>>
>> New account signups have been temporarily disabled at least. But yes, they
>> still have all those accounts against the wiki as well.
>
> What is the plan for undoing the spam edits?

we are working on that, but we have no final answer yet...

Stefan
On 12/16/2015 07:12 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 06:29 PM, Bruce Momjian wrote:
>> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
>>>
>>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>>
>>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>>
>>> Either they've found a way to script-generate gmail addresses, or
>>> they have
>>> found a way to break the django hashes.
>>>
>>> Or they just hired somebody to do that kind of thing manually. There's
>>> sites for that...
>>>
>>> In the interim, let's just disable edits.
>>>
>>> New account signups have been temporarily disabled at least. But yes, they
>>> still have all those accounts against the wiki as well.
>>
>> What is the plan for undoing the spam edits?
>
> we are working on that, but we have no final answer yet...

we are currently working on reverting the entire wiki back to a state
before the attack from system backups because it does not seem sensible
to try to revert this in piecemeal style.

Stefan
On Wed, Dec 16, 2015 at 07:38:01PM +0100, Stefan Kaltenbrunner wrote:
> >>> New account signups have been temporarily disabled at least. But yes, they
> >>> still have all those accounts against the wiki as well.
> >>
> >> What is the plan for undoing the spam edits?
> >
> > we are working on that, but we have no final answer yet...
>
> we are currently working on reverting the entire wiki back to a state
> before the attack from system backups because it does not seem sensible
> to try to revert this in piecemeal style.

Agreed.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
On 12/16/2015 07:38 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 07:12 PM, Stefan Kaltenbrunner wrote:
>> On 12/16/2015 06:29 PM, Bruce Momjian wrote:
>>> On Wed, Dec 16, 2015 at 06:28:18PM +0100, Magnus Hagander wrote:
>>>> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
>>>>
>>>> On 12/16/2015 09:22 AM, Andres Freund wrote:
>>>>
>>>> On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
>>>>
>>>> Either they've found a way to script-generate gmail addresses, or
>>>> they have
>>>> found a way to break the django hashes.
>>>>
>>>> Or they just hired somebody to do that kind of thing manually. There's
>>>> sites for that...
>>>>
>>>> In the interim, let's just disable edits.
>>>>
>>>> New account signups have been temporarily disabled at least. But yes, they
>>>> still have all those accounts against the wiki as well.
>>>
>>> What is the plan for undoing the spam edits?
>>
>> we are working on that, but we have no final answer yet...
>
> we are currently working on reverting the entire wiki back to a state
> before the attack from system backups because it does not seem sensible
> to try to revert this in piecemeal style.

we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
backups already had spam traces in it) - the wiki is live again, user
account signup for the entire community account system is still disabled
until we have a better plan to deal with this crap.

Stefan
Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>> we are currently working on reverting the entire wiki back to a state
>> before the attack from system backups because it does not seem sensible
>> to try to revert this in piecemeal style.

> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
> backups already had spam traces in it) - the wiki is live again, user
> account signup for the entire community account system is still disabled
> until we have a better plan to deal with this crap.

"Recent changes" log says there's still at least one active spammer
account.

regards, tom lane
On 12/16/2015 07:53 PM, Tom Lane wrote:
> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>>> we are currently working on reverting the entire wiki back to a state
>>> before the attack from system backups because it does not seem sensible
>>> to try to revert this in piecemeal style.
>
>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
>> backups already had spam traces in it) - the wiki is live again, user
>> account signup for the entire community account system is still disabled
>> until we have a better plan to deal with this crap.
>
> "Recent changes" log says there's still at least one active spammer
> account.

yeah thanks for letting us know - the problem is that it looks like the
spammers have pre-created (but not "used" until very recently) a lot of
accounts in the community account system over the last few days (if not
for much longer) and it is not really obvious which ones are "bad" and
which ones are not - we keep working on it :(

Stefan
On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> On 12/16/2015 07:53 PM, Tom Lane wrote:
>> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>>>> we are currently working on reverting the entire wiki back to a state
>>>> before the attack from system backups because it does not seem sensible
>>>> to try to revert this in piecemeal style.
>>
>>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
>>> backups already had spam traces in it) - the wiki is live again, user
>>> account signup for the entire community account system is still disabled
>>> until we have a better plan to deal with this crap.
>>
>> "Recent changes" log says there's still at least one active spammer
>> account.
>
> yeah thanks for letting us know - the problem is that it looks like the
> spammers have pre-created (but not "used" until very recently) a lot of
> accounts in the community account system over the last few days (if not
> for much longer) and it is not really obvious which ones are "bad" and
> which ones are not - we keep working on it :(

I think we have it under control now - we have disabled ~200
"suspicious" community accounts, restored a backup of the wiki from ~36h
ago and nuked all the session data from the community auth system and
the wiki to prevent users from reusing existing sessions.
That seems to have stabilized the situation for now but community auth account
creation is still disabled.

We are currently discussing further actions which will likely involve
adding additional verification for community auth signup and maybe for
posting to the wiki. We are also looking into restoring the handful of
"valid" changes to the wiki between the time of the backup and the time
we restored it.

Stefan
On 16 Dec 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan@kaltenbrunner.cc> wrote:
>
> On 12/16/2015 08:24 PM, Stefan Kaltenbrunner wrote:
> > On 12/16/2015 07:53 PM, Tom Lane wrote:
> >> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> >>>> we are currently working on reverting the entire wiki back to a state
> >>>> before the attack from system backups because it does not seem sensible
> >>>> to try to revert this in piecemeal style.
> >>
> >>> we have now restored a backup from ~2015-12-15 05:00:37 UTC (later
> >>> backups already had spam traces in it) - the wiki is live again, user
> >>> account signup for the entire community account system is still disabled
> >>> until we have a better plan to deal with this crap.
> >>
> >> "Recent changes" log says there's still at least one active spammer
> >> account.
> >
> > yeah thanks for letting us know - the problem is that it looks like the
> > spammers have pre-created (but not "used" until very recently) a lot of
> > accounts in the community account system over the last few days (if not
> > for much longer) and it is not really obvious which ones are "bad" and
> > which ones are not - we keep working on it :(
>
> I think we have it under control now - we have disabled ~200
> "suspicious" community accounts, restored a backup of the wiki from ~36h
> ago and nuked all the session data from the community auth system and
> the wiki to prevent users from reusing existing sessions.
> That seems to have stabilized the situation for now but community auth account
> creation is still disabled.
>
> We are currently discussing further actions which will likely involve
> adding additional verification for community auth signup and maybe for
> posting to the wiki. We are also looking into restoring the handful of
> "valid" changes to the wiki between the time of the backup and the time
> we restored it.

Thanks Stefan for all the hard work.
Guillaume Lelarge <guillaume@lelarge.info> writes:
> On 16 Dec 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan@kaltenbrunner.cc>
> wrote:
>> I think we have it under control now - we have disabled ~200
>> "suspicious" community accounts, restored a backup of the wiki from ~36h
>> ago and nuked all the session data from the community auth system and
>> the wiki to prevent users from reusing existing sessions.
>> That seems to have stabilized the situation for now but community auth account
>> creation is still disabled.
>>
>> We are currently discussing further actions which will likely involve
>> adding additional verification for community auth signup and maybe for
>> posting to the wiki. We are also looking into restoring the handful of
>> "valid" changes to the wiki between the time of the backup and the time
>> we restored it.

> Thanks Stefan for all the hard work.

Indeed, and Alvaro too. I'm sure you guys had better things to be doing
today :-(

regards, tom lane
On 12/16/2015 09:58 PM, Tom Lane wrote:
> Guillaume Lelarge <guillaume@lelarge.info> writes:
>> On 16 Dec 2015 9:24 PM, "Stefan Kaltenbrunner" <stefan@kaltenbrunner.cc>
>> wrote:
>>> I think we have it under control now - we have disabled ~200
>>> "suspicious" community accounts, restored a backup of the wiki from ~36h
>>> ago and nuked all the session data from the community auth system and
>>> the wiki to prevent users from reusing existing sessions.
>>> That seems to have stabilized the situation for now but community auth account
>>> creation is still disabled.
>>>
>>> We are currently discussing further actions which will likely involve
>>> adding additional verification for community auth signup and maybe for
>>> posting to the wiki. We are also looking into restoring the handful of
>>> "valid" changes to the wiki between the time of the backup and the time
>>> we restored it.
>
>> Thanks Stefan for all the hard work.
>
> Indeed, and Alvaro too. I'm sure you guys had better things to be doing
> today :-(

thanks - but we actually had every single member of the sysadmin team
involved in this incident at some point...
The followup work of implementing additional verification and maybe
moderation steps is probably going to create even more work though.

Stefan
On Wed, Dec 16, 2015 at 12:48 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote:
> Thanks Stefan for all the hard work.

Thanks, Stefan.

--
Peter Geoghegan
On 12/16/2015 01:17 PM, Peter Geoghegan wrote:
> On Wed, Dec 16, 2015 at 12:48 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> Thanks Stefan for all the hard work.
>
> Thanks, Stefan.

As someone who used to be on the infrastructure team, these guys are war
heroes. It is easy to forget the hard work they put in so that the rest
of us can enjoy this community.

Thanks folks!

JD

--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.
> As someone who used to be on the infrastructure team, these guys are war
> heroes. It is easy to forget the hard work they put in so that the rest
> of us can enjoy this community.
>
> Thanks folks!
>
> JD

++1
On Wed, Dec 16, 2015 at 6:28 PM, Magnus Hagander <magnus@hagander.net> wrote:
> On Wed, Dec 16, 2015 at 6:27 PM, Joshua D. Drake <jd@commandprompt.com> wrote:
> > On 12/16/2015 09:22 AM, Andres Freund wrote:
> > > On 2015-12-16 18:21:47 +0100, Magnus Hagander wrote:
> > > > Either they've found a way to script-generate gmail addresses, or they have
> > > > found a way to break the django hashes.
> > >
> > > Or they just hired somebody to do that kind of thing manually. There's
> > > sites for that...
> >
> > In the interim, let's just disable edits.
>
> New account signups have been temporarily disabled at least. But yes, they still have all those accounts against the wiki as well.

New account signups have been re-enabled, now requiring a captcha. Hopefully that will be enough to stop the new spam signups. We'll keep an eye on it and disable them again if it seems to happen again.
Magnus Hagander <magnus@hagander.net> writes:
> New account signups have been re-enabled, now requiring a captcha.
> Hopefully that will be enough to stop the new spam signups. We'll keep an
> eye on it and disable them again if it seems to happen again.

You probably already noticed, but ... they're at it again.

regards, tom lane
On Thu, Dec 17, 2015 at 3:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > New account signups have been re-enabled, now requiring a captcha.
> > Hopefully that will be enough to stop the new spam signups. We'll keep an
> > eye on it and disable them again if it seems to happen again.
>
> You probably already noticed, but ... they're at it again.

ARGH!

I was looking at a cached copy of the page :S
On Thu, Dec 17, 2015 at 3:39 PM, Magnus Hagander <magnus@hagander.net> wrote:
> On Thu, Dec 17, 2015 at 3:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Magnus Hagander <magnus@hagander.net> writes:
> > > New account signups have been re-enabled, now requiring a captcha.
> > > Hopefully that will be enough to stop the new spam signups. We'll keep an
> > > eye on it and disable them again if it seems to happen again.
> >
> > You probably already noticed, but ... they're at it again.
>
> ARGH!
>
> I was looking at a cached copy of the page :S

So they break the captcha in seconds. I'm more and more thinking andres' idea that it's actually farmed out to people and not just bots...

I've shut the wiki down for the moment, pending that somebody who actually knows anything about mediawiki shows up..

My suggestion is we make all edits on the wiki moderated, if that's at all possible. It's AFAIK the only service where we allow people to post things with no moderation on the content today, and clearly that's not working. People will still be signing up accounts, but they can't do any damage with them...
Magnus Hagander <magnus@hagander.net> writes:
> So they break the captcha in seconds. I'm more and more thinking andres'
> idea that it's actually farmed out to people and not just bots...

Yeah, it's sounding a lot like manual creation of the accounts and then
bots doing the actual spamming.

> My suggestion is we make all edits on the wiki moderated, if that's at all
> possible. It's AFAIK the only service where we allow people to post things
> with no moderation on the content today, and clearly that's not working.

Sigh. That's pretty ugly, though maybe it will work if you can set it up
so that known members of the community can bypass the moderation. The
bulk of the legitimate edits probably come from a fairly small number of
people.

regards, tom lane
On Thu, Dec 17, 2015 at 4:11 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > So they break the captcha in seconds. I'm more and more thinking andres'
> > idea that it's actually farmed out to people and not just bots...
>
> Yeah, it's sounding a lot like manual creation of the accounts and then
> bots doing the actual spamming.

Yup.

> > My suggestion is we make all edits on the wiki moderated, if that's at all
> > possible. It's AFAIK the only service where we allow people to post things
> > with no moderation on the content today, and clearly that's not working.
>
> Sigh. That's pretty ugly, though maybe it will work if you can set it up
> so that known members of the community can bypass the moderation. The
> bulk of the legitimate edits probably come from a fairly small number of
> people.

Yeah. I have no idea how mediawiki actually works with those things, but I'm not sure what else we can do. It's been suggested to have a cooling-off period for new accounts, but how long should that be... I guess we could have a 2-4 week cooling off period and then some way to bypass it by contacting someone manually, but who's going to deal with those approvals?
On 17-12-2015 12:13, Magnus Hagander wrote:
> Yeah. I have no idea how mediawiki actually works with those things, but
> I'm not sure what else we can do. It's been suggested to have a
> cooling-off period for new accounts, but how long should that be... I
> guess we could have a 2-4 week cooling off period and then some way to
> bypass it by contacting someone manually, but who's going to deal with
> those approvals?
>

Why don't we create a group of known community members? This group can
edit without restriction but new accounts will be moderated.

--
Euler Taveira
Timbira - http://www.timbira.com.br/
PostgreSQL: Consulting, Development, 24x7 Support and Training
On Thu, Dec 17, 2015 at 4:18 PM, Euler Taveira <euler@timbira.com.br> wrote:
> On 17-12-2015 12:13, Magnus Hagander wrote:
> > Yeah. I have no idea how mediawiki actually works with those things, but
> > I'm not sure what else we can do. It's been suggested to have a
> > cooling-off period for new accounts, but how long should that be... I
> > guess we could have a 2-4 week cooling off period and then some way to
> > bypass it by contacting someone manually, but who's going to deal with
> > those approvals?
> >
>
> Why don't we create a group of known community members? This group can
> edit without restriction but new accounts will be moderated.

Yeah, that might be the reasonable thing to do. We can probably cover 90+% of all edits by such a solution. But somebody still has to clean up the crap in the moderation queue.
On 2015-12-17 16:01:52 +0100, Magnus Hagander wrote:
> I've shut the wiki down for the moment, pending that somebody who actually
> knows anything about mediawiki shows up..

I've not dealt with this in years, so I might be completely out of date
here. But I think adding something like
$wgGroupPermissions['*']['edit'] = false;
in the config ought to do the trick.

Then we can add an 'approved users' group, and give those edit
permissions. Not perfect, but ought to do as a first step.

Andres
On Thu, Dec 17, 2015 at 3:21 PM, Andres Freund <andres@anarazel.de> wrote:
> On 2015-12-17 16:01:52 +0100, Magnus Hagander wrote:
>> I've shut the wiki down for the moment, pending that somebody who actually
>> knows anything about mediawiki shows up..
>
> I've not dealt with this in years, so I might be completely out of date
> here. But I think adding something like
> $wgGroupPermissions['*']['edit'] = false;
> in the config ought to do the trick.
>
> Then we can add an 'approved users' group, and give those edit
> permissions. Not perfect, but ought to do as a first step.

Thanks - I've done something along those lines, and we've added the
active users from the last 30 days to a new editor group. If anyone
else wants to be added, they'll need to send email to request it for
the time being.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
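
The permission change discussed in the two messages above, written out as a MediaWiki configuration fragment. This is an added example, not taken from the thread or from the PostgreSQL wiki's actual configuration; the group name `editor` and the list of rights are assumptions.

```php
<?php
# LocalSettings.php fragment. Added example: the group name 'editor' and the
# choice of rights below are assumptions, not the wiki's real configuration.

# Rights that change content. 'move' is included because the spam accounts in
# this incident renamed pages as well as editing them.
$contentRights = [ 'edit', 'createpage', 'createtalk', 'move', 'move-subpages' ];

# Weak form: only the '*' group is cleared.
#   $wgGroupPermissions['*']['edit'] = false;
# Group rights are additive, and every logged-in account is a member of the
# implicit 'user' group, which grants 'edit' by default. A freshly registered
# account can therefore still edit after this line alone.

# Corrected form: clear the right in both implicit groups, then grant it only
# to groups whose membership is assigned by hand.
foreach ( $contentRights as $right ) {
	$wgGroupPermissions['*'][$right] = false;      // everyone, including anonymous
	$wgGroupPermissions['user'][$right] = false;   // every logged-in account
	$wgGroupPermissions['editor'][$right] = true;  // vetted contributors (assumed name)
	$wgGroupPermissions['sysop'][$right] = true;   // keep administrators able to clean up
}

# Referencing 'editor' in $wgGroupPermissions is what defines the group; a
# bureaucrat then adds vetted accounts to it through Special:UserRights.

# For the earlier question about a read-only mode: $wgReadOnly blocks writes
# for every account, administrators included, so it stops the spam but also
# the cleanup. Left commented out here for that reason.
# $wgReadOnly = 'Editing is temporarily disabled while spam is removed.';
```

With this in place, accounts outside the hand-assigned groups can still register and read, but their edit and move requests are refused rather than queued.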
On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage@pgadmin.org> wrote:
> Thanks - I've done something along those lines, and we've added the
> active users from the last 30 days to a new editor group. If anyone
> else wants to be added, they'll need to send email to request it for
> the time being.

Seems reasonable, at least as an interim measure. I doubt we benefit
too much from "drive by" wiki edits.

--
Peter Geoghegan
Peter Geoghegan <pg@heroku.com> writes:
> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage@pgadmin.org> wrote:
>> Thanks - I've done something along those lines, and we've added the
>> active users from the last 30 days to a new editor group. If anyone
>> else wants to be added, they'll need to send email to request it for
>> the time being.

> Seems reasonable, at least as an interim measure. I doubt we benefit
> too much from "drive by" wiki edits.

Clarification please: is there a moderation queue in place now for edits
from non-editor users, or are they just summarily refused?

regards, tom lane
On Thu, Dec 17, 2015 at 11:32:56AM -0800, Peter Geoghegan wrote:
> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage@pgadmin.org> wrote:
> > Thanks - I've done something along those lines, and we've added the
> > active users from the last 30 days to a new editor group. If anyone
> > else wants to be added, they'll need to send email to request it for
> > the time being.
>
> Seems reasonable, at least as an interim measure. I doubt we benefit
> too much from "drive by" wiki edits.

We do get "drive by" wiki edits on the TODO page.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
On Thu, Dec 17, 2015 at 12:21 PM, Bruce Momjian <bruce@momjian.us> wrote:
> We do get "drive by" wiki edits on the TODO page.

I thought that they had to be discussed on list, first?

--
Peter Geoghegan
On Thu, Dec 17, 2015 at 12:23:01PM -0800, Peter Geoghegan wrote:
> On Thu, Dec 17, 2015 at 12:21 PM, Bruce Momjian <bruce@momjian.us> wrote:
> > We do get "drive by" wiki edits on the TODO page.
>
> I thought that they had to be discussed on list, first?

Yes, they are, but my point is that these are often new people who are
discussing these ideas. There is of course no rush for them to get on
to the TODO list permanently.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +
> On 17 Dec 2015, at 19:38, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Peter Geoghegan <pg@heroku.com> writes:
>>> On Thu, Dec 17, 2015 at 9:16 AM, Dave Page <dpage@pgadmin.org> wrote:
>>> Thanks - I've done something along those lines, and we've added the
>>> active users from the last 30 days to a new editor group. If anyone
>>> else wants to be added, they'll need to send email to request it for
>>> the time being.
>
>> Seems reasonable, at least as an interim measure. I doubt we benefit
>> too much from "drive by" wiki edits.
>
> Clarification please: is there a moderation queue in place now for edits
> from non-editor users, or are they just summarily refused?

They are refused at present. I've yet to find a moderation facility.