Hi,

On 21/05/2025 17:48, Otto Kekäläinen wrote:

Debian has certainly done many things right in the past 30 years, but treatment of new contributors is currently pretty harsh, considering
how many cracks and false turns they need to overcome on to become
regular contributors.

The impact successive roadblocks can have on new contributors motivation
and retention is likely to be underestimated by many long-time
developers as a consequence of survivor bias.

I've also heard things like "well it weeds out those that are not
motivated enough" which could also be said of way too many corporate recruitment processes. You probably know what I'm talking about, and if
you are experienced enough you probably figured out that unless the
offer is really, really outstanding on other grounds the best way to
deal with these is to vote with your feet and go elsewhere (and let
these managers keep whining that they can't find qualified candidates in months).

debbugs is IMO not the most pressing issue right now, though it is
definitely something that should be worked on, as even seasoned
contributors are complaining.

I would first try to improve the Salsa registration process. I
understand the need to prevent recurrent abuse, but the current manual
approval process with its delay and lack of feedback when things go
wrong is likely to discourage casual contributors, as what could have
been done in a few minutes now requires attention over multiple hours or
days.

Ideally it should be possible to register and authenticate using some well-known external identity providers. Google, GitLab and Bitbucket are already listed but IMO GitHub is missing, and adding Microsoft and Apple
might be worth considering.

There is already a self-service web UI at signup.salsa.debian.org.
Currently it only allows creating new teams (GitLab groups), but it
could certainly integrate new features such as:
- a registration request status page, with a nice URI that could be
pasted e.g. on IRC should that be needed
- generating and managing invitation links (or emails) by registered
DDs, DMs and maybe even DCs; such links would only be valid for a
limited time, could only be used once, accounts created with them would
not require manual approval, and the person generating them could be
held accountable for abuse
- allowing any DD to browse pending registrations, view details and
approve a registration.

Other known problems for new contributors include:
- false positives in Debian spam filters and lack of feedback; a
self-service UI to track what happened to a given message-ID would help
- privacy issues with public archives (bugs, mailing-lists, git
repositories, package sources) that show unredacted e-mail addresses; no
easy solution here, the best approach is probably a dedicated address or something like Apple's Hide My Email
- plain old IRC's lack of support for (searchable) channel history, conversation threads, (formatted) code or logs snippets, sharing files
and images, sharing a screen interactively, being usable with
intermittent connections; probably no good solution that would keep interoperability with IRC
- the wiki that requires another separate and manually processed
registration, isn't too convenient to work with and lacks some features.

Anything else you know that could be improved?

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Julien Plissonneau Duquène <sre4ever@free.fr> writes:

I would first try to improve the Salsa registration process. I
understand the need to prevent recurrent abuse, but the current manual approval process with its delay and lack of feedback when things go
wrong is likely to discourage casual contributors, as what could have
been done in a few minutes now requires attention over multiple hours or days.

I would be worried about dropping the manual approval due to the sheer
volume of sophisticated automated spam account creation attacks on any
sort of authentication process with automatic sign-up.

Right now, we are in the enviable position where there is essentially no
spam via Salsa. I have seen what the level of spam looks like with an
automated sign-up process, and it would probably make me disable all of my Salsa notifications, which would be a shame for other reasons. The only
way that companies like GitHub claw their way back from that is by having
a substantial anti-abuse team and a lot of constantly-tweaked automation
to detect and defeat spam. It is very, very easy for anything on the
Internet with public automated registration to immediately drown in SEO
spam.

Maybe there are more effective defenses than I am aware of (captcha
methods are definitely not sufficient in my experience) that we would fall
back on, and if the Salsa admins feel like this wouldn't be a problem, I
would definitely yield to their much greater experience. But it's real bad
out there in ways that I think the larger sites mostly hide because they
put a lot of resources into spam detection and prevention that we don't
have.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 27, 2025 at 10:16:25AM -0700, Russ Allbery wrote:

I would be worried about dropping the manual approval due to the sheer
volume of sophisticated automated spam account creation attacks on any
sort of authentication process with automatic sign-up.

Right now, we are in the enviable position where there is essentially no
spam via Salsa. I have seen what the level of spam looks like with an >automated sign-up process, and it would probably make me disable all of my >Salsa notifications, which would be a shame for other reasons. The only
way that companies like GitHub claw their way back from that is by having
a substantial anti-abuse team and a lot of constantly-tweaked automation
to detect and defeat spam. It is very, very easy for anything on the
Internet with public automated registration to immediately drown in SEO
spam.

Maybe there are more effective defenses than I am aware of (captcha
methods are definitely not sufficient in my experience) that we would fall >back on, and if the Salsa admins feel like this wouldn't be a problem, I >would definitely yield to their much greater experience. But it's real bad >out there in ways that I think the larger sites mostly hide because they
put a lot of resources into spam detection and prevention that we don't
have.

Based on having spent nine years running only a medium-sized site of
this kind (Launchpad), I certainly agree that this sort of thing needs continuous attention. While I was there, we ran automated tools that
weeded out a lot of the most obvious spam, but it was still something
that typically needed a couple of hours a week of staff attention to
avoid the site's reputation being trashed by hosting SEO spam (or
worse), and I'd say we only did a middling job of it during my tenure.
That sort of amount of time is probably more representative of the
likely workload for Debian than something like GitHub's efforts would
be; but it might still be more than we have available.

And I agree that captcha-type methods aren't anywhere near sufficient.
We frequently saw just a few spammy actions coming in from each of
hundreds of different new accounts before the account was abandoned,
suggesting that either somebody had deployed ML to solve captchas automatically, or that they employed some low-waged people to create a
whole bunch of accounts manually.

That said, making it easy for established users to hand out invitation
tokens seems pretty harmless from this point of view (although I don't
know how much effort it would be to build or maintain).

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Debian has certainly done many things right in the past 30 years, but treatment of new contributors is currently pretty harsh, considering
how many cracks and false turns they need to overcome on to become
regular contributors.

The impact successive roadblocks can have on new contributors motivation
and retention is likely to be underestimated by many long-time
developers as a consequence of survivor bias.

Yes, indeed. Many are complacent with their "local optimum" and
everything works for them, but getting there required most likely a
large amount of setup work.

..

I would first try to improve the Salsa registration process. I
understand the need to prevent recurrent abuse, but the current manual approval process with its delay and lack of feedback when things go
wrong is likely to discourage casual contributors, as what could have
been done in a few minutes now requires attention over multiple hours or days.

This used to be a recurring problem for new people I mentor, but the
login screen was improved significantly a few months back, see https://salsa.debian.org/salsa/support/-/issues/467#note_598960

I agree with most of the annoyances you list. I recommend you find the
existing issues, and +1 them (or file new ones, but I think every
issue already has a bug report somewhere). Onnce you have the list of
issues, considering picking the one you feel is most important and
contribute to fixing it, and report back to this list if the thing is
owned by someone who is reluctant to accept contributions to get more visibility.

- Otto

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-05-27 19:16, Russ Allbery a écrit :

I would be worried about dropping the manual approval due to the sheer
volume of sophisticated automated spam account creation attacks on any
sort of authentication process with automatic sign-up.

I'm not suggesting that we simply drop manual approval, as I don't know
of any automated and accurate method that could be used to prevent such
abuse.

I'm rather proposing giving all DDs the power to approve pending
requests, and giving all registered Debian contributors a way to
generate invitation links that would not require further manual approval
(iow these registrations would be "pre-approved" by the contributor
generating the link, and they would be accountable in case of abuse). I
believe this could help to reduce the approval delay in many cases.

I have a few ideas though (beyond captchas) that could eventually be
tried later on a self-approval web UI, but that would indeed require
close collaboration and supervision by Salsa admins so they can pull the
plug at any time once abusers find their way through.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpPbiBNYXkgMjcsIDIwMjUgMTk6MTcsIFJ1c3MgQWxsYmVyeSA8cnJhQGRlYmlhbi5vcmc+IHdy b3RlOgoKPgoKPiBKdWxpZW4gUGxpc3Nvbm5lYXUgRHVxdcOobmUgPHNyZTRldmVyQGZyZWUuZnI+ IHdyaXRlczogCgo+IEkgd291bGQgYmUgd29ycmllZCBhYm91dCBkcm9wcGluZyB0aGUgbWFudWFs IGFwcHJvdmFsIGR1ZSB0byB0aGUgc2hlZXIgCgo+IHZvbHVtZSBvZiBzb3BoaXN0aWNhdGVkIGF1 dG9tYXRlZCBzcGFtIGFjY291bnQgY3JlYXRpb24gYXR0YWNrcyBvbiBhbnkgCgo+IHNvcnQgb2Yg YXV0aGVudGljYXRpb24gcHJvY2VzcyB3aXRoIGF1dG9tYXRpYyBzaWduLXVwLiAKCgpXaXRoIG15 IFNhbHNhIGFkbWkgaGF0IG9uLCBzcGVuZGluZyBzb29vIG11Y2ggdGltZSBvbiBhY2N0IGFwcHJv dmFsOiBUSEFOS1MuIEluZGVlZCwgaXQgaXMgYW5ub3lpbmcgdXMgYSBsb3QsIFNhbHNhIHVzZXJz IHRvbywgYnV0IGFueW9uZSBzZW5kaW5nIHVzIGEgcXVpY2sgZW1haWwgYWx3YXlzIHJlY2VpdmVz IGEgcmVwbHkgaW4gZHVlIHRpbWUuIFRoaXMgaW5kZWVkIGlzIGJldHRlciB0aGFuIGhhdmluZyBi b3RzIHNwYW1taW5nIGFsbCBvZiBTYWxzYS4KCgpJIGxpa2UgdGhlIGludml0YXRpb24gZnJvbSBh IEREIGlkZWEsIHRoYXQgd291bGQgYXZvaWQgdGhlIHBlbmRpbmcgYXBwcm92YWwgcGhhc2UgZm9y IGEgbmV3IGFjY291bnQsIGJ1dCBJIGhhdmUgbm8gY2x1ZSBob3cgdG8gaW1wbGVtZW50IGl0LgoK CkNoZWVycywKCgpUaG9tYXMgR29pcmFuZCAoemlnbykKCgo= PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIE1heSAyNywgMjAyNSAxOToxNywgUnVz cyBBbGxiZXJ5ICZsdDtycmFAZGViaWFuLm9yZyZndDsgd3JvdGU6PC9kaXY+CjxkaXYgZGlyPSJs dHIiPiZndDs8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBKdWxpZW4gUGxpc3Nvbm5lYXUgRHVx dcOobmUgJmx0O3NyZTRldmVyQGZyZWUuZnImZ3Q7IHdyaXRlczogPC9kaXY+CjxkaXYgZGlyPSJs dHIiPiZndDsgSSB3b3VsZCBiZSB3b3JyaWVkIGFib3V0IGRyb3BwaW5nIHRoZSBtYW51YWwgYXBw cm92YWwgZHVlIHRvIHRoZSBzaGVlciA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyB2b2x1bWUg b2Ygc29waGlzdGljYXRlZCBhdXRvbWF0ZWQgc3BhbSBhY2NvdW50IGNyZWF0aW9uIGF0dGFja3Mg b24gYW55IDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IHNvcnQgb2YgYXV0aGVudGljYXRpb24g cHJvY2VzcyB3aXRoIGF1dG9tYXRpYyBzaWduLXVwLiA8L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIi PldpdGggbXkgU2Fsc2EgYWRtaSBoYXQgb24sIHNwZW5kaW5nIHNvb28gbXVjaCB0aW1lIG9uIGFj Y3QgYXBwcm92YWw6IFRIQU5LUy4gSW5kZWVkLCBpdCBpcyBhbm5veWluZyB1cyBhIGxvdCwgU2Fs c2EgdXNlcnMgdG9vLCBidXQgYW55b25lIHNlbmRpbmcgdXMgYSBxdWljayBlbWFpbCBhbHdheXMg cmVjZWl2ZXMgYSByZXBseSBpbiBkdWUgdGltZS4gVGhpcyBpbmRlZWQgaXMgYmV0dGVyIHRoYW4g aGF2aW5nIGJvdHMgc3BhbW1pbmcgYWxsIG9mIFNhbHNhLjwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0 ciI+SSBsaWtlIHRoZSBpbnZpdGF0aW9uIGZyb20gYSBERCBpZGVhLCB0aGF0IHdvdWxkIGF2b2lk IHRoZSBwZW5kaW5nIGFwcHJvdmFsIHBoYXNlIGZvciBhIG5ldyBhY2NvdW50LCBidXQgSSBoYXZl IG5vIGNsdWUgaG93IHRvIGltcGxlbWVudCBpdC48L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIiPkNo ZWVycyw8L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIiPlRob21hcyBHb2lyYW5kICh6aWdvKTwvZGl2 Pgo8YnI+PC9ib2R5PjwvaHRtbD4=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 2025-05-27 20:08, thomas@goirand.fr a écrit :

THANKS. Indeed, it is annoying us a lot, Salsa users too, but anyone
sending us a quick email always receives a reply in due time. This
indeed is better than having bots spamming all of Salsa.

The delay is only a part of the issue, the other part is the lack of
feedback that would allow the user to know if her registration is still
pending or has been rejected.

I like the invitation from a DD idea, that would avoid the pending
approval phase for a new account, but I have no clue how to implement
it.

There is a GitLab feature (Invite members in a project) that does
something related to this, as you could enter e-mail addresses that are
not yet registered on the instance. But it looks like it comes with limitations: you have to invite to a specific existing project, which is different from a new registration where you start by being member of no
project at all. So I would not use this.

I would rather implement a dedicated UI on signup.salsa.d.o
(gitlab-newuser) that would use GitLab's API to create and enable the
new account. Or maybe try to have something more integrated into
GitLab's registration UI, but I don't know if it's possible.

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Julien Plissonneau Duquène <sre4ever@free.fr> writes:

I'm not suggesting that we simply drop manual approval, as I don't know
of any automated and accurate method that could be used to prevent such abuse.

I'm rather proposing giving all DDs the power to approve pending
requests, and giving all registered Debian contributors a way to
generate invitation links that would not require further manual approval
(iow these registrations would be "pre-approved" by the contributor generating the link, and they would be accountable in case of abuse). I believe this could help to reduce the approval delay in many cases.

Ah! Sorry to have been so negative; I have no problem with this. That was
just a reading comprehension failure on my part.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpPbiBNYXkgMjcsIDIwMjUgMjA6NTcsIEp1bGllbiBQbGlzc29ubmVhdSBEdXF1w6huZSA8c3Jl NGV2ZXJAZnJlZS5mcj4gd3JvdGU6Cgo+Cgo+IExlIDIwMjUtMDUtMjcgMjA6MDgsIHRob21hc0Bn b2lyYW5kLmZyIGEgw6ljcml0IDogCgo+ID4gVEhBTktTLiBJbmRlZWQsIGl0IGlzIGFubm95aW5n IHVzIGEgbG90LCBTYWxzYSB1c2VycyB0b28sIGJ1dCBhbnlvbmUgCgo+ID4gc2VuZGluZyB1cyBh IHF1aWNrIGVtYWlsIGFsd2F5cyByZWNlaXZlcyBhIHJlcGx5IGluIGR1ZSB0aW1lLiBUaGlzIAoK PiA+IGluZGVlZCBpcyBiZXR0ZXIgdGhhbiBoYXZpbmcgYm90cyBzcGFtbWluZyBhbGwgb2YgU2Fs c2EuIAoKPgoKPiBUaGUgZGVsYXkgaXMgb25seSBhIHBhcnQgb2YgdGhlIGlzc3VlLCB0aGUgb3Ro ZXIgcGFydCBpcyB0aGUgbGFjayBvZiAKCj4gZmVlZGJhY2sgdGhhdCB3b3VsZCBhbGxvdyB0aGUg dXNlciB0byBrbm93IGlmIGhlciByZWdpc3RyYXRpb24gaXMgc3RpbGwgCgo+IHBlbmRpbmcgb3Ig aGFzIGJlZW4gcmVqZWN0ZWQuIAoKPgoKPiA+IEkgbGlrZSB0aGUgaW52aXRhdGlvbiBmcm9tIGEg REQgaWRlYSwgdGhhdCB3b3VsZCBhdm9pZCB0aGUgcGVuZGluZyAKCj4gPiBhcHByb3ZhbCBwaGFz ZSBmb3IgYSBuZXcgYWNjb3VudCwgYnV0IEkgaGF2ZSBubyBjbHVlIGhvdyB0byBpbXBsZW1lbnQg Cgo+ID4gaXQuIAoKPgoKPiBUaGVyZSBpcyBhIEdpdExhYiBmZWF0dXJlIChJbnZpdGUgbWVtYmVy cyBpbiBhIHByb2plY3QpIHRoYXQgZG9lcyAKCj4gc29tZXRoaW5nIHJlbGF0ZWQgdG8gdGhpcywg YXMgeW91IGNvdWxkIGVudGVyIGUtbWFpbCBhZGRyZXNzZXMgdGhhdCBhcmUgCgo+IG5vdCB5ZXQg cmVnaXN0ZXJlZCBvbiB0aGUgaW5zdGFuY2UuIEJ1dCBpdCBsb29rcyBsaWtlIGl0IGNvbWVzIHdp dGggCgo+IGxpbWl0YXRpb25zOiB5b3UgaGF2ZSB0byBpbnZpdGUgdG8gYSBzcGVjaWZpYyBleGlz dGluZyBwcm9qZWN0LCB3aGljaCBpcyAKCj4gZGlmZmVyZW50IGZyb20gYSBuZXcgcmVnaXN0cmF0 aW9uIHdoZXJlIHlvdSBzdGFydCBieSBiZWluZyBtZW1iZXIgb2Ygbm8gCgo+IHByb2plY3QgYXQg YWxsLiBTbyBJIHdvdWxkIG5vdCB1c2UgdGhpcy4gCgo+Cgo+IEkgd291bGQgcmF0aGVyIGltcGxl bWVudCBhIGRlZGljYXRlZCBVSSBvbiBzaWdudXAuc2Fsc2EuZC5vIAoKPiAoZ2l0bGFiLW5ld3Vz ZXIpIHRoYXQgd291bGQgdXNlIEdpdExhYidzIEFQSSB0byBjcmVhdGUgYW5kIGVuYWJsZSB0aGUg Cgo+IG5ldyBhY2NvdW50LiBPciBtYXliZSB0cnkgdG8gaGF2ZSBzb21ldGhpbmcgbW9yZSBpbnRl Z3JhdGVkIGludG8gCgo+IEdpdExhYidzIHJlZ2lzdHJhdGlvbiBVSSwgYnV0IEkgZG9uJ3Qga25v dyBpZiBpdCdzIHBvc3NpYmxlLiAKCgpQbGVhc2UgZG8gY29udHJpYnV0ZSB0aGlzIHVwc3RyZWFt LCBzbyB3ZSBnZXQgaXQgb24gb3VyIG5leHQgdXBncmFkZSAhCgoKVGhvbWFzIEdvaXJhbmQgKHpp Z28pCgoK PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIE1heSAyNywgMjAyNSAyMDo1NywgSnVs aWVuIFBsaXNzb25uZWF1IER1cXXDqG5lICZsdDtzcmU0ZXZlckBmcmVlLmZyJmd0OyB3cm90ZTo8 L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OzwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IExlIDIw MjUtMDUtMjcgMjA6MDgsIHRob21hc0Bnb2lyYW5kLmZyIGEgw6ljcml0wqA6IDwvZGl2Pgo8ZGl2 IGRpcj0ibHRyIj4mZ3Q7ICZndDsgVEhBTktTLiBJbmRlZWQsIGl0IGlzIGFubm95aW5nIHVzIGEg bG90LCBTYWxzYSB1c2VycyB0b28sIGJ1dCBhbnlvbmUgPC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZn dDsgJmd0OyBzZW5kaW5nIHVzIGEgcXVpY2sgZW1haWwgYWx3YXlzIHJlY2VpdmVzIGEgcmVwbHkg aW4gZHVlIHRpbWUuIFRoaXMgPC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDsgJmd0OyBpbmRlZWQg aXMgYmV0dGVyIHRoYW4gaGF2aW5nIGJvdHMgc3BhbW1pbmcgYWxsIG9mIFNhbHNhLiA8L2Rpdj4K PGRpdiBkaXI9Imx0ciI+Jmd0OzwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IFRoZSBkZWxheSBp cyBvbmx5IGEgcGFydCBvZiB0aGUgaXNzdWUsIHRoZSBvdGhlciBwYXJ0IGlzIHRoZSBsYWNrIG9m IDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IGZlZWRiYWNrIHRoYXQgd291bGQgYWxsb3cgdGhl IHVzZXIgdG8ga25vdyBpZiBoZXIgcmVnaXN0cmF0aW9uIGlzIHN0aWxsIDwvZGl2Pgo8ZGl2IGRp cj0ibHRyIj4mZ3Q7IHBlbmRpbmcgb3IgaGFzIGJlZW4gcmVqZWN0ZWQuIDwvZGl2Pgo8ZGl2IGRp cj0ibHRyIj4mZ3Q7PC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDsgJmd0OyBJIGxpa2UgdGhlIGlu dml0YXRpb24gZnJvbSBhIEREIGlkZWEsIHRoYXQgd291bGQgYXZvaWQgdGhlIHBlbmRpbmcgPC9k aXY+CjxkaXYgZGlyPSJsdHIiPiZndDsgJmd0OyBhcHByb3ZhbCBwaGFzZSBmb3IgYSBuZXcgYWNj b3VudCwgYnV0IEkgaGF2ZSBubyBjbHVlIGhvdyB0byBpbXBsZW1lbnQgPC9kaXY+CjxkaXYgZGly PSJsdHIiPiZndDsgJmd0OyBpdC4gPC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDs8L2Rpdj4KPGRp diBkaXI9Imx0ciI+Jmd0OyBUaGVyZSBpcyBhIEdpdExhYiBmZWF0dXJlIChJbnZpdGUgbWVtYmVy cyBpbiBhIHByb2plY3QpIHRoYXQgZG9lcyA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBzb21l dGhpbmcgcmVsYXRlZCB0byB0aGlzLCBhcyB5b3UgY291bGQgZW50ZXIgZS1tYWlsIGFkZHJlc3Nl cyB0aGF0IGFyZSA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBub3QgeWV0IHJlZ2lzdGVyZWQg b24gdGhlIGluc3RhbmNlLiBCdXQgaXQgbG9va3MgbGlrZSBpdCBjb21lcyB3aXRoIDwvZGl2Pgo8 ZGl2IGRpcj0ibHRyIj4mZ3Q7IGxpbWl0YXRpb25zOiB5b3UgaGF2ZSB0byBpbnZpdGUgdG8gYSBz cGVjaWZpYyBleGlzdGluZyBwcm9qZWN0LCB3aGljaCBpcyA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+ Jmd0OyBkaWZmZXJlbnQgZnJvbSBhIG5ldyByZWdpc3RyYXRpb24gd2hlcmUgeW91IHN0YXJ0IGJ5 IGJlaW5nIG1lbWJlciBvZiBubyA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBwcm9qZWN0IGF0 IGFsbC4gU28gSSB3b3VsZCBub3QgdXNlIHRoaXMuIDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7 PC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDsgSSB3b3VsZCByYXRoZXIgaW1wbGVtZW50IGEgZGVk aWNhdGVkIFVJIG9uIHNpZ251cC5zYWxzYS5kLm8gPC9kaXY+CjxkaXYgZGlyPSJsdHIiPiZndDsg KGdpdGxhYi1uZXd1c2VyKSB0aGF0IHdvdWxkIHVzZSBHaXRMYWImIzM5O3MgQVBJIHRvIGNyZWF0 ZSBhbmQgZW5hYmxlIHRoZSA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBuZXcgYWNjb3VudC4g T3IgbWF5YmUgdHJ5IHRvIGhhdmUgc29tZXRoaW5nIG1vcmUgaW50ZWdyYXRlZCBpbnRvIDwvZGl2 Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IEdpdExhYiYjMzk7cyByZWdpc3RyYXRpb24gVUksIGJ1dCBJ IGRvbiYjMzk7dCBrbm93IGlmIGl0JiMzOTtzIHBvc3NpYmxlLiA8L2Rpdj4KPGJyPjxkaXYgZGly PSJsdHIiPlBsZWFzZSBkbyBjb250cmlidXRlIHRoaXMgdXBzdHJlYW0sIHNvIHdlIGdldCBpdCBv biBvdXIgbmV4dCB1cGdyYWRlICE8L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIiPlRob21hcyBHb2ly YW5kICh6aWdvKTwvZGl2Pgo8YnI+PC9ib2R5PjwvaHRtbD4=

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 28/05/2025 00:25, thomas@goirand.fr wrote:

Please do contribute this upstream, so we get it on our next upgrade !

Yes, that's also a possibility.

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 17607 March 1977, Julien Plissonneau Duquène wrote:

The delay is only a part of the issue, the other part is the lack of feedback that would allow the user to know if her registration is
still
pending or has been rejected.

Oh, reject you get a mail. If its deleted, you don't.

I like the invitation from a DD idea, that would avoid the pending
approval phase for a new account, but I have no clue how to implement
it.

I would rather implement a dedicated UI on signup.salsa.d.o
(gitlab-newuser) that would use GitLab's API to create and enable the
new account. Or maybe try to have something more integrated into
GitLab's registration UI, but I don't know if it's possible.

Sounds good, but just before you chose the wrong way: We dislike local
patches to gitlab (makes upgrading hell). So *either* this is a separate
thing just using APIs of gitlab *or* it has to come integrated via
upstream.

--
bye, Joerg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)