Open
Labels: enhancement (New feature or request)
Description
What feature do you want to see added?
The design of this bot needs to consider what happens in the case of abuse. It doesn't look like that's been done.
- Some rando shows up and runs all the bot commands just to see what happens.
- A jenkinsci org member (asked nicely for org membership but otherwise some rando) shows up and runs all the bot commands just to see what happens.
It's not like we've never been subject to this before, see e.g. nonsensical votes in changelog weather feedback, spam on the wiki and in Jira.
Some suggestions:
- Rate limiting
- Safer defaults than "the entire internet can do everything except close PRs"
- Audit logging, notifications sent to a channel (e.g. #jenkins-infra on IRC)
- Easy way to batch-undo actions by certain users
Upstream changes
No response
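One way the four suggestions above could fit together in a single command gate, as an added example that is not code from this issue or from the bot's repository. The role names, command names, the `CommandGate` class and the `notify` callback (standing in for a channel notification) are all hypothetical.

```python
import time
from collections import defaultdict, deque

# Hypothetical policy: commands each role may run. Anything not listed is denied.
POLICY = {
    "maintainer": {"label", "assign", "close"},
    "member": {"label", "assign"},
    "anyone": set(),  # safer default: unknown users can run nothing
}

class CommandGate:
    def __init__(self, limit=3, window=60.0, notify=print, clock=time.monotonic):
        self.limit, self.window = limit, window
        self.notify, self.clock = notify, clock
        self.recent = defaultdict(deque)   # user -> timestamps of accepted commands
        self.audit = []                    # append-only record of every decision
        self.undo_log = defaultdict(list)  # user -> [(target, undo callable)]

    def _decide(self, user, role, command):
        if command not in POLICY.get(role, set()):
            return "denied:role"
        now, stamps = self.clock(), self.recent[user]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # forget commands outside the window
        if len(stamps) >= self.limit:
            return "denied:rate"
        stamps.append(now)
        return "allowed"

    def run(self, user, role, command, target, do, undo):
        verdict = self._decide(user, role, command)
        entry = {"user": user, "role": role, "command": command,
                 "target": target, "verdict": verdict}
        self.audit.append(entry)           # denials are logged too
        self.notify(f"[bot-audit] {user} ({role}) /{command} on {target}: {verdict}")
        if verdict == "allowed":
            do()
            self.undo_log[user].append((target, undo))
        return verdict

    def undo_all(self, user):
        """Revert every recorded action by `user`, newest first; returns the targets."""
        reverted = []
        while self.undo_log[user]:
            target, undo = self.undo_log[user].pop()
            undo()
            reverted.append(target)
        self.notify(f"[bot-audit] reverted {len(reverted)} action(s) by {user}")
        return reverted
```

Each call to `run` passes the action and its inverse as callables, so a batch undo for one user replays the inverses in reverse order.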