FYI: Spam in Bitbucket

[Robert Lehmann]

Hi all,

this account is currently vandalizing our Bitbucket issue tracker — I received about 20 such weird junk comments or nonsense approvals tonight (some of which they seem to have removed again.)

I have escalated the issue with Bitbucket staff on Twitter for lack of a better communication channel.  I guess there is no way to lock down our Bitbucket repository / issue tracker for further comments?  What about disabling it (since all history is preserved on Github?)

Cheers,

Robert

---------- Forwarded message ----------
From: Imre Thóth
Date: Sat, Mar 7, 2015 at 1:53 PM
Subject: Re: [Bitbucket] Issue #1270: Incorrect encoding of doc strings of properties inherited from class defined in different module containing correct encoding declaration (birkenfeld/sphinx)

Imre Thóth commented on issue #1270: Incorrect encoding of doc strings of properties inherited from class defined in different module containing correct encoding declaration If local changes directly conflict with upstream commits, Git will pause the rebasing process and give you a chance to manually resolve the conflicts. The nice thing about Git is that it uses the same git status and git add commands for both generating commits and resolving merge conflicts. This makes it easy for new developers to manage their own merges. Plus, if they get themselves into trouble, Git makes it very easy to abort the entire rebase and try again (or go find help). View this issue or add a comment by replying to this email.

[Takayuki Shimizukawa]

Hi,

On Sun, Mar 8, 2015 at 8:05 AM Robert Lehmann <ma...@robertlehmann.de> wrote:

Hi all,

this account is currently vandalizing our Bitbucket issue tracker — I received about 20 such weird junk comments or nonsense approvals tonight (some of which they seem to have removed again.)

I removed some spam comments, as soon as I found (in few minutes).

However I couldn't prevent "nonsense approvals" for old commits.

I have escalated the issue with Bitbucket staff on Twitter for lack of a better communication channel.  I guess there is no way to lock down our Bitbucket repository / issue tracker for further comments?  What about disabling it (since all history is preserved on Github?)

Yes, all issues and comments are transported.

Some statuses (change of milestone, component, or non-comment change) are not transported, but it's a trivial information.

As Robert mentioned, we can't disable Bitbucket comment with keeping repository / issue tracker. However, if we disable repository and issue tracker entirely, users can't reach to Github repository because Sphinx-1.2 indicates Bitbucket URL and 1.2 is still latest stable version.

For now, vandalizing seems to have stopped.

Once if attack is resumed, let's closed after tonight(?) of the 1.3 release.

 

Cheers,

Robert

Regards, 

--

Takayuki SHIMIZUKAWA

http://about.me/shimizukawa

 

---------- Forwarded message ----------
From: Imre Thóth
Date: Sat, Mar 7, 2015 at 1:53 PM
Subject: Re: [Bitbucket] Issue #1270: Incorrect encoding of doc strings of properties inherited from class defined in different module containing correct encoding declaration (birkenfeld/sphinx)

Imre Thóth commented on issue #1270: Incorrect encoding of doc strings of properties inherited from class defined in different module containing correct encoding declaration If local changes directly conflict with upstream commits, Git will pause the rebasing process and give you a chance to manually resolve the conflicts. The nice thing about Git is that it uses the same git status and git add commands for both generating commits and resolving merge conflicts. This makes it easy for new developers to manage their own merges. Plus, if they get themselves into trouble, Git makes it very easy to abort the entire rebase and try again (or go find help). View this issue or add a comment by replying to this email.

--
You received this message because you are subscribed to the Google Groups "sphinx-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Robert Lehmann]

For the record:  Bitbucket has responded and disabled the account.

If I understand correctly we could disable (or ‘set private’ for posterity) the Bitbucket issue tracker completely (Settings › Issues.)

[Takayuki Shimizukawa]

Hi Robert,

On Tue, Mar 10, 2015 at 4:36 PM Robert Lehmann <rob...@robertlehmann.de> wrote:

For the record:  Bitbucket has responded and disabled the account.

Thanks!

But, unfortunately, spam comments come back.

If I understand correctly we could disable (or ‘set private’ for posterity) the Bitbucket issue tracker completely (Settings › Issues.)

Sphinx-1.3 has been released and we can disable old issue tracker.

For now, I've changed the permission as "private".

To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "sphinx-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "sphinx-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-dev+unsubscribe@googlegroups.com.

[Robert Lehmann]

Sigh.  I have sent another notice to the Bitbucket staff;  thanks for your help on the issue.

To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-dev+...@googlegroups.com.