The day is still young. But in #curl we already had...
Weirdo one: adds 7 comments to the first #curl commit on GitHub. The comments look like maybe a file listing of files that existed in that first git commit?
Banned.
Weirdo two: creates a new issue from a short (seemingly random) comment someone made in an ongoing open PR. Adding nothing new.
Banned.
Both cases completely inexplicable and weird.
@BradRubenstein slop usually looks better than this, but who knows!
@bagder aliens trying to learn how to github?
Or maybe someone gave an AI methods for interacting with github without explaining to it what github is?
@bagder I've had one person that was just pouring their mind out to issues in the Mastodon Android app repo. It was a weekly occurrence. There were some nonsensical feature requests, sometimes not even for the app itself but for the platform as a whole. We gave them several warnings, but that didn't work, so we banned them.
@bplein they weren't pull requests, there was nothing to merge...
@bagder more often than not, weird interactions like those are people probing for injection in the CI to steal tokens.
A good indicator is if the comment has been edited.
@vincentbiret how are comments or new issues able to probe anything like that? You probably think of PRs, but these weren't.
@bagder After my coffee, I now see that’s what you said. ☕️
Strange indeed.
@bagder if you're using those "fields" in workflows to do things like automatically add labels, generate changelogs, etc...
The trick is to make sure you always use intermediate environment variables and NEVER directly use the value in scripts. Doing so, automatic escaping will be done for you.
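The advice in the last post, as an added example (not part of the thread and not curl's tooling): a heuristic check that flags `${{ github.event.* }}` expressions expanded directly inside `run:` scripts and accepts the same value when it arrives through `env:`. The sample workflow, step names and the `find_unsafe_run_expressions` helper are constructed for illustration.

```python
import re

# Constructed sample workflow (not from any real repository).
WORKFLOW = """\
on: issues
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
      - name: safe
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $TITLE"
      - name: unsafe-inline
        run: echo "${{ github.event.comment.body }}"
"""

# Heuristic: only plain ${{ github.event... }} / github.head_ref expressions.
EXPR = re.compile(r"\$\{\{\s*(github\.(?:event|head_ref)[\w.\-]*)\s*\}\}")
RUN = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")


def find_unsafe_run_expressions(text):
    """Return (line, expression) pairs for event data expanded inside run: scripts."""
    findings = []
    block_col = None  # column of the `run:` key while inside a block scalar
    for number, line in enumerate(text.splitlines(), start=1):
        match = RUN.match(line)
        if match:
            rest = match.group(1).strip()
            if rest[:1] in ("|", ">"):
                block_col = line.index("run:")  # script follows on deeper lines
                continue
            block_col = None
            script = rest  # single-line script
        elif block_col is not None:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= block_col:
                block_col = None  # dedent: block scalar ended
                continue
            script = line
        else:
            continue  # env:, with:, name: ... are not shell input
        findings.extend((number, expr) for expr in EXPR.findall(script))
    return findings
```

On the sample it reports lines 8 and 15 and leaves the `env:` step alone, because there the title reaches the shell as data in `$TITLE` instead of being pasted into the script text.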