Stream: zulip

Topic: zulip policy meeting?


nikomatsakis (Jan 28 2019 at 16:36, on Zulip):

Hi Zulip folks! I was thinking I'd like to make a bit more "active" zulip policy. Maybe the place to start is by scheduling a brief meeting? (Probably after the all hands)

Some of the questions:

cc @pnkfelix @Joshua Liebow-Feeser but also anyone else

davidtwco (Jan 28 2019 at 16:37, on Zulip):

I'm happy to help in any way with this (ie. moderating, helping decide policy, anything where I can be useful).

RalfJ (Jan 28 2019 at 16:37, on Zulip):

also can we somehow avoid having people register with their real names here when they use nicknames elsewhere? my muscle memory fools me every time I try to ping ubsan or shepmaster, for example... and I think partly this is because IIRC Zulip explicitly asks for "real name" or so

nikomatsakis (Jan 28 2019 at 16:38, on Zulip):

@RalfJ ah, yes, that is annoying. If nothing else we could give guidelines about it

nikomatsakis (Jan 28 2019 at 16:38, on Zulip):

not sure if we can customize the "signup" procedure in some way

RalfJ (Jan 28 2019 at 16:38, on Zulip):

it says "Full Name" now

nikomatsakis (Jan 28 2019 at 16:38, on Zulip):

Something that worries me:

RalfJ (Jan 28 2019 at 16:39, on Zulip):

just "Name" or "Nickname" or so might be better

RalfJ (Jan 28 2019 at 16:39, on Zulip):

Something that worries me:

is there some context on this? first time I hear about an attack

nikomatsakis (Jan 28 2019 at 16:39, on Zulip):

(but starting with having more active moderation and some idea of who that is might help)

nikomatsakis (Jan 28 2019 at 16:39, on Zulip):

not sure what to link to, but there was a concentrated attack on rust discord where people were using bots to create fake accounts from all over the map, spam, etc

nikomatsakis (Jan 28 2019 at 16:39, on Zulip):

lasted for a while

RalfJ (Jan 28 2019 at 16:40, on Zulip):

ouch

davidtwco (Jan 28 2019 at 16:41, on Zulip):

Would it be reasonable to require signing into Zulip via GitHub? I have no strong feelings here, I imagine some might, I tend to prefer making separate accounts everywhere. But as this is primarily for project contributors, they're probably going to have a GitHub anyway and that might make it harder to make accounts for spamming?

nikomatsakis (Jan 28 2019 at 17:06, on Zulip):

personally, I would be happy with a 1-to-1 zulip-to-github account, but I'm not sure how possible it is to do

davidtwco (Jan 28 2019 at 17:09, on Zulip):

You can enable and disable authentication methods out of "email", "github" and "google" - I assume that existing accounts would be grandfathered in.

Santiago Pastorino (Jan 28 2019 at 20:06, on Zulip):

could sign ups be moderated? like having people manually accepting sign ups

davidtwco (Jan 28 2019 at 20:07, on Zulip):

Outside of really obvious cases where all the spammer names have something in common, that would just be burdensome I think. There's no way to know if a sign-up from "John Smith" is legitimate or not with only the name.

nikomatsakis (Jan 28 2019 at 20:49, on Zulip):

in the case of the discord attack, they even enabled the discord option that requires phone numbers, but spammers were able to use some service to supply fake phone numbers.

nikomatsakis (Jan 28 2019 at 20:49, on Zulip):

I don't want to over-rotate on that particular point

nikomatsakis (Jan 28 2019 at 20:49, on Zulip):

(protecting against attack)

nikomatsakis (Jan 28 2019 at 20:49, on Zulip):

though it does worry me

nikomatsakis (Jan 28 2019 at 20:50, on Zulip):

I guess at worst we can throw a "no new user" switch for a while. I mostly want to be sure that we have somebody around to react (and a plan for what to do)

Santiago Pastorino (Jan 28 2019 at 21:12, on Zulip):

my point is ... aren't sign ups here from people that are contributing or willing to contribute?

Santiago Pastorino (Jan 28 2019 at 21:13, on Zulip):

I guess if we hand a private link to sign up or something and the contact with contributors is previously made using other medium it lowers the risk a lot

Wesley Wiser (Jan 28 2019 at 21:18, on Zulip):

I like the "require GitHub" logins idea because, in some ways, it shifts the problem to GitHub and it's not unreasonable to require that people wanting to contribute have a GH account anyway

Wesley Wiser (Jan 28 2019 at 21:19, on Zulip):

It would be great though if you didn't have to log in to Zulip just to read messages though

nikomatsakis (Jan 28 2019 at 21:51, on Zulip):

I like the "require GitHub" logins idea because, in some ways, it shifts the problem to GitHub and it's not unreasonable to require that people wanting to contribute have a GH account anyway

I think we should do this, yes. I can just alter it, in fact.

Zarenor (Jan 28 2019 at 21:57, on Zulip):

I'd want to second both the GH login requirement, and the hope of not having to log in to read messages. I hadn't bothered signing up for Zulip until today - I'd seen it floated around a fair bit, but I hadn't joined, on the basis I wasn't sure I had much to contribute. But I'd think it a shame if others like me couldn't read the messages. (Though maybe a GH account isn't too high a hurdle)

Zarenor (Jan 28 2019 at 21:58, on Zulip):

I just know I find reading some of the design notes (like seem to be collected here) really useful in understanding some of the edge cases in features, especially ones there aren't great docs for yet.

Jake Goulding (Jan 29 2019 at 00:16, on Zulip):

reading some of the design notes (like seem to be collected here)

I'd reiterate my stance that Zulip (or IRC or Discord or...) are not the appropriate places for such things. They are good for hashing out the details, but they need to be captured in something more durable (e.g. Markdown in a git repo)

Joshua Liebow-Feeser (Jan 29 2019 at 01:50, on Zulip):

I haven't been too active here recently, so also @Tony Arcieri for somebody from the Secure Code WG who's been around and paying attention.

RalfJ (Jan 29 2019 at 08:46, on Zulip):

in the case of the discord attack, they even enabled the discord option that requires phone numbers, but spammers were able to use some service to supply fake phone numbers.

Wow. I wish I had found such a service when google tried to force me to disclose my phone number to them... but Google knew about all of these services. I am surprised they are still helpful for anything.

pnkfelix (Jan 29 2019 at 09:03, on Zulip):

regarding moderation: do we have facilities for muting and/or blocking someone from joining a stream and/or server?

davidtwco (Jan 29 2019 at 09:33, on Zulip):

We can kick people from a stream but I don't know what's stopping them joining again (outside of that stream being private and invite-only)

davidtwco (Jan 29 2019 at 09:36, on Zulip):

As far as the entire server, we can deactivate accounts.

pnkfelix (Jan 29 2019 at 09:43, on Zulip):

which users have those moderation/administrative capabilities? Is there a separation between moderation capabilities versus other stuff that could affect the server?

davidtwco (Jan 29 2019 at 09:46, on Zulip):

I do. Niko obviously does. I'm not too sure who else. I don't think there is a moderator/admin distinction.

davidtwco (Jan 29 2019 at 09:47, on Zulip):

This is somewhere that Zulip definitely lacks, there aren't that many options for these things.

davidtwco (Jan 29 2019 at 09:48, on Zulip):

Looks like anyone on the core team with an account has admin.

davidtwco (Jan 29 2019 at 09:48, on Zulip):

And yourself.

pnkfelix (Jan 29 2019 at 10:26, on Zulip):

yeah, my question was meant more as a thought-exercise. Maybe it is okay to not require a moderator/admin distinction for this forum, at least for now. But its something that Zulip should probably be thinking about.

nikomatsakis (Jan 29 2019 at 14:15, on Zulip):

To bring this back:

I guess we should create a doodle poll for a good time for a meeting or something? I'd basically be open to whomever getting involved that wants to.

Last update: Nov 17 2019 at 08:00UTC