Stream: zulip

Topic: zulip policy meeting?


view this post on Zulip nikomatsakis (Jan 28 2019 at 16:36):

Hi Zulip folks! I was thinking I'd like to make a bit more "active" zulip policy. Maybe the place to start is by scheduling a brief meeting? (Probably after the all hands)

Some of the questions:

cc @pnkfelix @Joshua Liebow-Feeser but also anyone else

view this post on Zulip davidtwco (Jan 28 2019 at 16:37):

I'm happy to help in any way with this (ie. moderating, helping decide policy, anything where I can be useful).

view this post on Zulip RalfJ (Jan 28 2019 at 16:37):

also can we somehow avoid having people register with their real names here when they use nicknames elsewhere? my muscle memory fools me every time I try to ping ubsan or shepmaster, for example... and I think partly this is because IIRC Zulip explicitly asks for "real name" or so

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:38):

@RalfJ ah, yes, that is annoying. If nothing else we could give guidelines about it

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:38):

not sure if we can customize the "signup" procedure in some way

view this post on Zulip RalfJ (Jan 28 2019 at 16:38):

it says "Full Name" now

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:38):

Something that worries me:

view this post on Zulip RalfJ (Jan 28 2019 at 16:39):

just "Name" or "Nickname" or so might be better

view this post on Zulip RalfJ (Jan 28 2019 at 16:39):

Something that worries me:

is there some context on this? first time I hear about an attack

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:39):

(but starting with having more active moderation and some idea of who that is might help)

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:39):

not sure what to link to, but there was a concentrated attack on rust discord where people were using bots to create fake accounts from all over the map, spam, etc

view this post on Zulip nikomatsakis (Jan 28 2019 at 16:39):

lasted for a while

view this post on Zulip RalfJ (Jan 28 2019 at 16:40):

ouch

view this post on Zulip davidtwco (Jan 28 2019 at 16:41):

Would it be reasonable to require signing into Zulip via GitHub? I have no strong feelings here, I imagine some might, I tend to prefer making separate accounts everywhere. But as this is primarily for project contributors, they're probably going to have a GitHub anyway and that might make it harder to make accounts for spamming?

view this post on Zulip nikomatsakis (Jan 28 2019 at 17:06):

personally, I would be happy with a 1-to-1 zulip-to-github account, but I'm not sure how possible it is to do

view this post on Zulip davidtwco (Jan 28 2019 at 17:09):

You can enable and disable authentication methods out of "email", "github" and "google" - I assume that existing accounts would be grandfathered in.

view this post on Zulip Santiago Pastorino (Jan 28 2019 at 20:06):

could sign ups be moderated? like having people manually accepting sign ups

view this post on Zulip davidtwco (Jan 28 2019 at 20:07):

Outside of really obvious cases where all the spammer names have something in common, that would just be burdensome I think. There's no way to know if a sign-up from "John Smith" is legitimate or not with only the name.

view this post on Zulip nikomatsakis (Jan 28 2019 at 20:49):

in the case of the discord attack, they even enabled the discord option that requires phone numbers, but spammers were able to use some service to supply fake phone numbers.

view this post on Zulip nikomatsakis (Jan 28 2019 at 20:49):

I don't want to over-rotate on that particular point

view this post on Zulip nikomatsakis (Jan 28 2019 at 20:49):

(protecting against attack)

view this post on Zulip nikomatsakis (Jan 28 2019 at 20:49):

though it does worry me

view this post on Zulip nikomatsakis (Jan 28 2019 at 20:50):

I guess at worst we can throw a "no new user" switch for a while. I mostly want to be sure that we have somebody around to react (and a plan for what to do)

view this post on Zulip Santiago Pastorino (Jan 28 2019 at 21:12):

my point is ... aren't sign ups here from people that are contributing or willing to contribute?

view this post on Zulip Santiago Pastorino (Jan 28 2019 at 21:13):

I guess if we hand a private link to sign up or something and the contact with contributors is previously made using other medium it lowers the risk a lot

view this post on Zulip Wesley Wiser (Jan 28 2019 at 21:18):

I like the "require GitHub" logins idea because, in some ways, it shifts the problem to GitHub and it's not unreasonable to require that people wanting to contribute have a GH account anyway

view this post on Zulip Wesley Wiser (Jan 28 2019 at 21:19):

It would be great though if you didn't have to log in to Zulip just to read messages though

view this post on Zulip nikomatsakis (Jan 28 2019 at 21:51):

I like the "require GitHub" logins idea because, in some ways, it shifts the problem to GitHub and it's not unreasonable to require that people wanting to contribute have a GH account anyway

I think we should do this, yes. I can just alter it, in fact.

view this post on Zulip Zarenor (Jan 28 2019 at 21:57):

I'd want to second both the GH login requirement, and the hope of not having to log in to read messages. I hadn't bothered signing up for Zulip until today - I'd seen it floated around a fair bit, but I hadn't joined, on the basis I wasn't sure I had much to contribute. But I'd think it a shame if others like me couldn't read the messages. (Though maybe a GH account isn't too high a hurdle)

view this post on Zulip Zarenor (Jan 28 2019 at 21:58):

I just know I find reading some of the design notes (like seem to be collected here) really useful in understanding some of the edge cases in features, especially ones there aren't great docs for yet.

view this post on Zulip Jake Goulding (Jan 29 2019 at 00:16):

reading some of the design notes (like seem to be collected here)

I'd reiterate my stance that Zulip (or IRC or Discord or...) are not the appropriate places for such things. They are good for hashing out the details, but they need to be captured in something more durable (e.g. Markdown in a git repo)

view this post on Zulip Joshua Liebow-Feeser (Jan 29 2019 at 01:50):

I haven't been too active here recently, so also @Tony Arcieri for somebody from the Secure Code WG who's been around and paying attention.

view this post on Zulip RalfJ (Jan 29 2019 at 08:46):

in the case of the discord attack, they even enabled the discord option that requires phone numbers, but spammers were able to use some service to supply fake phone numbers.

Wow. I wish I had found such a service when google tried to force me to disclose my phone number to them... but Google knew about all of these services. I am surprised they are still helpful for anything.

view this post on Zulip pnkfelix (Jan 29 2019 at 09:03):

regarding moderation: do we have facilities for muting and/or blocking someone from joining a stream and/or server?

view this post on Zulip davidtwco (Jan 29 2019 at 09:33):

We can kick people from a stream but I don't know what's stopping them joining again (outside of that stream being private and invite-only)

view this post on Zulip davidtwco (Jan 29 2019 at 09:36):

As far as the entire server, we can deactivate accounts.

view this post on Zulip pnkfelix (Jan 29 2019 at 09:43):

which users have those moderation/administrative capabilities? Is there a separation between moderation capabilities versus other stuff that could affect the server?

view this post on Zulip davidtwco (Jan 29 2019 at 09:46):

I do. Niko obviously does. I'm not too sure who else. I don't think there is a moderator/admin distinction.

view this post on Zulip davidtwco (Jan 29 2019 at 09:47):

This is somewhere that Zulip definitely lacks, there aren't that many options for these things.

view this post on Zulip davidtwco (Jan 29 2019 at 09:48):

Looks like anyone on the core team with an account has admin.

view this post on Zulip davidtwco (Jan 29 2019 at 09:48):

And yourself.

view this post on Zulip pnkfelix (Jan 29 2019 at 10:26):

yeah, my question was meant more as a thought-exercise. Maybe it is okay to not require a moderator/admin distinction for this forum, at least for now. But its something that Zulip should probably be thinking about.

view this post on Zulip nikomatsakis (Jan 29 2019 at 14:15):

To bring this back:

I guess we should create a doodle poll for a good time for a meeting or something? I'd basically be open to whomever getting involved that wants to.


Last updated: Oct 11 2021 at 22:34 UTC