Dirty database of users
jk at ozlabs.org
Tue Apr 2 22:37:12 EST 2013
> What criteria are used to allow someone to create a new account on
There's no criteria; anyone can register through the add-an-account
interface. This creates an (inactive) account, and a corresponding entry
in the 'person' table.
The inactive accounts can then be activated when a link in the account
registration confirmation email is clicked.
It seems that there are automated form-submission bots around, who
submit bogus data to any forms found on the web. Generally, the
intention is to submit comments (typically on blog sites) linking back
to their own sites.
Since no confirmation is ever submitted for these accounts, they remain
> What I'm seeing on my patchwork instance is that there are thousands
> of what it seems to be fake accounts there, like:
What you're seeing here is the new entries in the person table. They'll
correspond to inactive accounts, and are fairly harmless.
Note that if someone comments on a patch, it will also create an entry
in the person table.
> Also, as if one never sent a patch, it has no business to do with
> patchwork. So, I can't see why should he/she should be allowed to
> create an account there.
I think it's legitimate to register an account and never submit a patch.
For example, there may be "administrators" of a project, who manage the
flow of patches into the source tree, who need an account to update patches.
> So, in the case of the patchwork instance I maintain, I'd like to:
> 1) run an script that would delete all users that never sent a
This is better implemented by deleting the accounts that are inactive,
once their account confirmation link has expired. I'll add to the
patchwork cron script to do this.
More information about the Patchwork