mirrors/dotnet
1
0
Fork 0
mirror of https://github.com/dotnet/core synced 2025-04-29 15:57:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add self-help moderation instructions (#9811)

Browse Source 
* Add self-help moderation instructions

* Update Documentation/moderation.md

Co-authored-by: Aaron Robinson <arobins@microsoft.com>

* Fix linter errors

---------

Co-authored-by: James Montemagno <james.montemagno@gmail.com>
Co-authored-by: Aaron Robinson <arobins@microsoft.com>
This commit is contained in:
Rich Lander 2025-03-18 12:26:58 -07:00 committed by GitHub
parent b72ed4ce53
commit bd7cb2ed8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 47 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation/microsoft-team.md
View File

@ -1,6 +1,8 @@
# Microsoft Team Onboarding
If you work on or with the .NET Team, you will need to onboard into various GitHub projects in order to get your work done.
Members of the .NET Team need to onboard into various accounts and systems as a part of daily work.
Please see [Moderation](./moderation.md) for help on how to help make our community safe and fun.
## Join .NET teams in dotnet and Microsoft orgs
@ -9,10 +11,6 @@ If you work on or with the .NET Team, you will need to onboard into various GitH
1. [Join the microsoft/dotnet team](https://repos.opensource.microsoft.com/Microsoft/teams/dotnet/join/)
1. [Join the dotnet/microsoft team](https://repos.opensource.microsoft.com/dotnet/teams/microsoft/join/)
## Moderation
You will sometimes see issues/PRs/comments that look suspicious/offensive/spammy. We use the "see something, say something" model. Please report content that you think should be addressed or removed to one of our [Moderators](http://aka.ms/dotnet/org).
## Security best practices
Bad actors try to break into our accounts all the time (see ["failed login attempts" on your account](https://github.com/settings/security-log?q=action%3Auser.failed_login)). You need to apply the following guidance to (A) stay secure, and (B) maintain access to your account.

44
Documentation/moderation.md Normal file
View File

@ -0,0 +1,44 @@
# Moderation
GitHub is a content management system that accepts updates from accounts created within the last five minutes. It's great because well-meaning people can create an account and report an issue quickly. It's also subject to abuse. We see inauthentic/abusive issues, PRs, and comments on a regular basis. It is important to know what to do.
We use the "see something, say something" model. Please report content that you think should be addressed or removed to one of our [Moderators](http://aka.ms/dotnet/org).
Note: the term "issue" will be used to mean both issue and PR.
## Self-service
If you see an issue that is of significant concern, please bias to action. We trust your judgement.
The quickest and most important action you can take is to close an issue. This will remove the problematic content from view for most people. This action can provide time for the moderators to act.
The bar for closing an issue should be low. We can always re-open it if that's the right choice. Don't write a response about code of conduct violations and "do better next time". Just close the issue. Leave the response (if one is needed at all) to the moderators.
GitHub offers a self-service "Report content" capability. Using it is a great option. It is often the case that a user is behaving in similar ways in multiple communities/orgs. GitHub will notice this and can act based on their broader perspective.
![Image](https://github.com/user-attachments/assets/bd84e1d8-92bc-48c6-9296-05f117554c46)
## Signs
It is often obvious that a user is acting in bad faith. We often look at user profiles for more information.
High bias to bad-faith:
- Account is new
- Profile is private
- Profile is public with similar repeated activity in other repos/orgs
There is a natural instinct to try to help someone who might just not have the skills or experience to participate per our norms. That's good! People that need help tend to identify themselves with very different signal than bad actors. They never start with a 5000 file PR or update our CI infra.
## Common activity
Bad-faith activity is a very broad topic.
Examples:
- Reposting our announcements, often in the same repo
- Posting malicious code (think crypto miners) as helpful samples
- PRs that delete or update files for no obvious reason
- PRs that run scripts that establish a reverse shell with the intent to exfiltrate secrets
The bigger the "contribution", the more you should be concerned. It is very easy to hide malicious payload amongst the noise. See [XZ backdoor](https://en.wikipedia.org/wiki/XZ_Utils_backdoor).