Dirty database of users

Jeremy Kerr jk at ozlabs.org
Tue Apr 2 22:37:12 EST 2013

Hi Mauro,

> What criteria are used to allow someone to create a new account on
> patchwork?

There's no criteria; anyone can register through the add-an-account 
interface. This creates an (inactive) account, and a corresponding entry 
in the 'person' table.

The inactive accounts can then be activated when a link in the account 
registration confirmation email is clicked.

It seems that there are automated form-submission bots around, who 
submit bogus data to any forms found on the web. Generally, the 
intention is to submit comments (typically on blog sites) linking back 
to their own sites.

Since no confirmation is ever submitted for these accounts, they remain 

> What I'm seeing on my patchwork instance is that there are thousands
> of what it seems to be fake accounts there, like:
> http://patchwork.linuxtv.org/project/linux-media/list/?submitter=4392&state=*

What you're seeing here is the new entries in the person table. They'll 
correspond to inactive accounts, and are fairly harmless.

Note that if someone comments on a patch, it will also create an entry 
in the person table.

> Also, as if one never sent a patch, it has no business to do with
> patchwork. So, I can't see why should he/she should be allowed to
> create an account there.

I think it's legitimate to register an account and never submit a patch. 
For example, there may be "administrators" of a project, who manage the 
flow of patches into the source tree, who need an account to update patches.

> So, in the case of the patchwork instance I maintain, I'd like to:
> 1) run an script that would delete all users that never sent a
> patch;

This is better implemented by deleting the accounts that are inactive, 
once their account confirmation link has expired. I'll add to the 
patchwork cron script to do this.



More information about the Patchwork mailing list