Considerations on adding Bitcoin blockchain-based Github spam management strategy

ariard commented at 8:37 pm on March 5, 2024: member

As we’re seeing a spike in the number of Chat-GPT-based spams and other automatic “pure-noise” spams of the repository, we could start to deploy automated flagging of issues opened by “noisy” accounts, not meaningfully contributing to the Bitcoin Core project.

According to the Github API, you can get information on Github users and get back their “null” or “public-facing” email (https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-a-user). From then you can apply anti-spam policy by having one or more privileged Github administrative accounts running from one or more 24 / 7 secure hosts.

A simple spam management policy could be to have every Github user email endpoint timestamped in the Bitcoin blockchain at least 144 blocks before the current BIP113 median time-past. I think such simple policy would still guarantee permissionless contributive access to anyone in the world (not even requirement to own a UTXO).

Relying on the blockchain we’ll have some backward auditability of any automated flagging issue. We have already a standard format for timestamp (opentimestamp) which is already used by the Nostr protocol (e.g NIP-03). Additionally, this smoothly kill the concept of any “trusted” Github administrators which is good to guarantee decentralization of the development process.

The current Github API is very easy to hack. This shall free time for maintainers to do actual real technical review and QA decision merging works.

If further interest, I can propose a BIP or NIP further detailing the idea.

willcl-ark added the label Brainstorming on Mar 6, 2024

willcl-ark commented at 3:53 pm on March 6, 2024: contributor

Sorry, but I’m having difficulty understanding this proposal.

Are you proposing that we should auto-tag issues/PRs from new contributors who’s github accounts are < 24h old? Or will there be some whitelist which, if you are not on it, will see your new issues/PRs flagged? Or perhaps you meant something else?

A simple spam management policy could be to have every Github user email endpoint timestamped in the Bitcoin blockchain at least 144 blocks before the current BIP113 median time-past.

How would stamping their email address into the blockchain combat spam in this example?

ariard commented at 5:30 pm on March 6, 2024: member

Are you proposing that we should auto-tag issues/PRs from new contributors who’s github accounts are < 24h old?

Yes, that way you limit mass spawn of fake github accounts.

How would stamping their email address into the blockchain combat spam in this example?

From GH API, you can get email associated with an account. Using the chain to rate-limit new GH accounts in a way which can be publicly audited a posteriori.

fanquake commented at 10:34 am on March 7, 2024: member

A simple spam management policy could be to have every Github user email endpoint timestamped in the Bitcoin blockchain If further interest, I can propose a BIP or NIP further detailing the idea.

It’s not clear to me that some sort of blockchain based spam management tooling is going to be simple, and in any case, the development of any such (generic) tooling is not something that should be discussed in this issue tracker. Obviously you’re free to propose any BIPs/NIPs / produce the software and alert people when it exists and is something the project could consider for use.

fanquake closed this on Mar 7, 2024

ariard commented at 6:02 pm on March 7, 2024: member

t’s not clear to me that some sort of blockchain based spam management tooling is going to be simple

I don’t pretend either. Yeah good for closing. Actually there is already a bunch of experiments in the Nostr space like https://github.com/nostr-protocol/nips/blob/wiki/34.md and https://github.com/fiatjaf/gitstr, I’ll check that more.

Considerations on adding Bitcoin blockchain-based Github spam management strategy #29570