On 01-09-2024 12:26, Levente Polyak wrote:
Sep 1, 2024 11:49:46 Morten Linderud <foxbo...@archlinux.org>:
I think it's important to specify how the moderation capabilities are. Public
paste services are *bound* to be abused and can distribute malicious files and
illegal files. This needs to be dealt with and should probably not cause too
much friction.
This is also my main concern, both in terms of users as well as putting more
burden on devops to comply with official complaint requests that come in
through the hosting provider.
So if we want to see something like this, I strongly recommend we put in some
measures. I'd like to see a proper moderation tool, as well as a native way to
report a violation, so it's easy to moderate. On top, I'd like to see this
being connected to our Keycloak via OIDC as an identity provider, much like
Ubuntu One does, not allowing arbitrary unauthenticated use. Massively limiting
the maximum upload size to something like 1MB, or even less, would also be
advised; we really shouldn't be a file hosting provider, but an Arch text paste
service if at all.
It's certainly helpful and nice to have a paste service to quickly share a config,
snippet, error log or similar, but I'm very concerned about the potential of misuse
beyond this. I understand this all may go way beyond a simple "let's host
rustypaste" idea, I don't really want to exhaust our devops team even more with such
tasks, and we also had reasons to lock down our HedgeDoc to a staff-only service.
+1
For users there are plenty of pastebin alternatives, for staff we can
use md.archlinux.org to share notes, pastes. Regarding abuse, see for
example what 0x0.st does to detect awful NSFW content:
https://git.0x0.st/mia/0x0