#815 bodhi abuse - user with multiple FAS accounts
Closed: Fixed None Opened 15 years ago by mschwendt.

There is a lot of evidence that FAS users (see FAS info further below) dcottle, acottle, auscity are the same person, who uses these accounts to vote in bodhi multiple times. Usually +3 karma instead of +1. Notice the suspicious time-stamps:

https://admin.fedoraproject.org/updates/PackageKit-0.2.4-6.fc9 (pending)
+1 acottle - 2008-08-27 22:24:21

+1 auscity - 2008-08-27 22:24:46

+1 dcottle - 2008-08-27 22:25:11

https://admin.fedoraproject.org/updates/phpMyAdmin-2.11.9-1.fc8
+1 dcottle - 2008-08-30 08:09:35

+1 acottle - 2008-08-30 08:11:54

+1 auscity - 2008-08-30 08:21:14

Often it is voted on updates in "pending" downloaded from koji.
There are more like that, not limited to this one:

https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7560
+1 dcottle - 2008-08-27 02:21:57

+1 auscity - 2008-08-27 08:59:08 (!)

+1 acottle - 2008-08-27 09:00:01 (!)

Even if acottle has a different forename, the votes are done at the same time as dcottle and/or auscity. Recently they started posting the same comments e.g.
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7560
and there's a lot of impatience behind these votes, the strong desire to have unreleased updates pushed to stable quickly.

Also notice how dcottle's email addr is the domain of user auscity:

auscity: https://admin.fedoraproject.org/accounts/user/view/auscity
David Cottle dcottle@idb.com.au

dcottle: https://admin.fedoraproject.org/accounts/user/view/dcottle
David Cottle webmaster@aus-city.com

acottle: https://admin.fedoraproject.org/accounts/user/view/acottle
Alisa Cottle acottle@idb.com.au

According to David Cottle (contacted on August 30th), all this is done because the updates are tested on more than one machine:
https://www.redhat.com/archives/fedora-advisory-board/2008-August/msg00123.html


Mr Cottle, what say you?

Hmm, this log line concerns me:

2008-09-07 03:46:28.541426+00 | Email changed from dcottle@idb.com.au to jcoxhead@idb.com.au

I'll give it to the end of the week.

Mike,

As we discussed privately in an email, auscity (you know his real name from the CLA) and the circumstances (which I told you about privately, I don't want it blasted out in a public ticket).

We all have fedora machines of various architectures, and specifically heavily test koji kernels particularly the exciting 2.6.26 current releases. Kernels, php, spamassassin, gnome, filezilla, firefox, etc (off the top of my head). I even build kmod-nvidia packages against these koji kernels for acottle and auscity.

We often test packages very closely together and discuss any anomalies found. I am also quite active in bugzilla. So it does not surprise me that since we get together constantly we post at the same time.

We are three individuals posting and testing packages commented on.

The person who put in this complaint emailed me directly first rather rudely and abruptly stopping just short of accusing me outright of fraudulent activity. Claiming acottle is me and so is auscity simply based on acottle and dcottle share the same name and auscity was using my dcottle email address as I explained to Mike.

Surely if I was simply trying to get packages through, I am not an idiot that would use three so easily linkable names and addresses. It's easy to get hotmail, yahoo and countless 100's of free email services and surely come up with better aliases that are clearly unrelated and use proxy servers to change IP addresses.

I certainly enjoy fedora and actively help the fedora community. Even here I build a lot of packages like filezilla 3.1.2-1 for both f9 and f8 and share it here for acottle and auscity.

I think this whole matter is way out of control and certainly a nicer approach initially to us to explain gets a less hostile reaction from me. Is this some masterminded plot to take over or some money involved? We all have helped in goodwill and certainly anyone laid with such slanderous allegations (bodhi abuse - user with multiple FAS accounts) is not going to be happy when all they do is test and report. I think 'suspected' or 'possible' would have been a better choice in my opinion if it had to be addressed at all. In total we have pooled over 8 servers or more over three locations and all actively test, help and support fedora!

Thanks again Mike.

My original mail went to a public mailing-list with Bcc to the three user ids. It was short and to the point, but certainly not rude, considering the back-breaking evidence - some of which is highlighted in this ticket.

That mail triggered four private replies in short time. All from David Cottle except an anonymous one-line reply from acottle's address an hour later. All created with a local 10.0.0.1 IP, btw.

None of the replies tried to claim that three persons use these accounts. It was not explained either why an enthusiastic tester would not open an own account using his own full name and his own email address (as that's a requirement for receiving mail from bodhi). Instead, it was only emphasised that testing would be done on multiple servers. The only justification for voting three times. With a delay of ~25 seconds.

https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7560
is simply embarrassing. And those updates where the three userids vote at once (prior to August 30th and without comments) could be found very easily with direct db access.

I am also quite active in bugzilla.

Good reminder. I've had a look and found "David webmaster@aus-city.com" in bugzilla. Many "urgent" tickets. The recent ones fit into the scheme:

457039 Why is kernel 2.6.25.13-65 and 2.6.25.12-62 not on fedora updates?

457040 Why is kernel 2.6.25.13-103 and 2.6.25.12-100 not on fedora updates?

460245 Pidgin 2.5.0 has been built on koji but no one has deployed it to admin.fedoraproject.org/updates/F8/pending

460246 Pidgin 2.5.0 has been built on koji but no one has deployed it to admin.fedoraproject.org/updates/F9/pending
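The timestamp comparison from the opening report, and the remark above that such co-voting "could be found very easily with direct db access", as an added Python example (not part of the ticket and not bodhi's code). The flat `update account date time` input format, the 900-second window, the two-update threshold and the `tester_x` control vote are assumptions made for illustration; the other votes are the ones quoted in the ticket.

```python
from datetime import datetime
from itertools import combinations

# Votes quoted in the ticket, plus one constructed control vote (tester_x).
VOTES = """\
PackageKit-0.2.4-6.fc9 acottle 2008-08-27 22:24:21
PackageKit-0.2.4-6.fc9 auscity 2008-08-27 22:24:46
PackageKit-0.2.4-6.fc9 dcottle 2008-08-27 22:25:11
PackageKit-0.2.4-6.fc9 tester_x 2008-08-28 10:00:00
phpMyAdmin-2.11.9-1.fc8 dcottle 2008-08-30 08:09:35
phpMyAdmin-2.11.9-1.fc8 acottle 2008-08-30 08:11:54
phpMyAdmin-2.11.9-1.fc8 auscity 2008-08-30 08:21:14
FEDORA-2008-7560 dcottle 2008-08-27 02:21:57
FEDORA-2008-7560 auscity 2008-08-27 08:59:08
FEDORA-2008-7560 acottle 2008-08-27 09:00:01
"""

def parse(text):
    """Yield (update, account, timestamp) from 'update account date time' lines."""
    for line in text.splitlines():
        update, account, date, time = line.split()
        yield update, account, datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")

def co_votes(votes, window_s=900):
    """Map each account pair to the updates both voted on within window_s seconds."""
    by_update = {}
    for update, account, ts in votes:
        by_update.setdefault(update, []).append((account, ts))
    pairs = {}
    for update, entries in by_update.items():
        for (a, ta), (b, tb) in combinations(entries, 2):
            if a != b and abs((ta - tb).total_seconds()) <= window_s:
                pairs.setdefault(tuple(sorted((a, b))), set()).add(update)
    return pairs

def flag(pairs, min_updates=2):
    """Keep pairs that co-voted on at least min_updates distinct updates.

    Repeated proximity is a reason for manual review, not proof of one person.
    """
    return {p: sorted(u) for p, u in pairs.items() if len(u) >= min_updates}

if __name__ == "__main__":
    for pair, updates in sorted(flag(co_votes(parse(VOTES))).items()):
        print(pair, len(updates), updates)
```

Narrowing the window to 60 seconds leaves only the acottle/auscity pair above the two-update threshold, which shows how sensitive the result is to the chosen window.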

So here's my take on what's going on here. I really do believe we have some enthusiastic Fedora testers. At least two of whom are related and in close contact with each other while testing.

I believe the information contained in the accounts was certainly set up in a confusing way though probably not intentionally just that the accounts may have been shared at one time. That seems to have been corrected now.

I would suggest in the future that these three users not all thumbs up an update. Our system for updates is far from perfect, but the idea is that multiple people will test in multiple environments. It's possible bugs might get missed for people that are all using the same package on the same hosts that were set up in the same way. Though I'd certainly not mean to discourage your use on testing. Please do continue to test and make comments on tickets.

Regarding the bugzilla comments, it is important to note that many packages get built explicitly to be tested but not to be released.

Replying to [comment:6 mmcgrath]:

I would suggest in the future that these three users not all thumbs up an update. Our system for updates is far from perfect, but the idea is that multiple people will test in multiple environments. It's possible bugs might get missed for people that are all using the same package on the same hosts that were set up in the same way. Though I'd certainly not mean to discourage your use on testing. Please do continue to test and make comments on tickets.

Just re-read this and realized it might be a bit confusing. I'd suggest these users not all thumbs up the same update at once. Obviously we'd like you to continue updating and giving thumbs up and thumbs down to packages. Thanks for helping the Fedora Project.

Replying to [comment:7 mmcgrath]:

I just have to add to this...I am acottle, Alisa Cottle (related to David Cottle, living in the same house with him, which is now not my private business anymore). I am chagrined that I have to justify my participation in this (not-for-profit, but for the good-of-the-whole) activity of testing package updates to find bugs, but I feel I have to now in order to shed light on this erroneous claim. There are three internet connections at three sites that are all separate networks, and all with machines running different hardware, with 10.0.0.1 gateway servers (multiple servers each site). However, naturally the mail server is hosted on a single machine gatewayed through another 10.0.0.1 pipe. By the flawed logic above, though there are actually 27 domains hosted on a single server, since all of these email accounts share the same gateway they are therefore all the same person.

Have we EVER been wrong in our deductions? Is working as a group (and a wee group of three at that!) against the rules? I could see this intense questioning over three similar accounts here IF there had been mistakes, or abuse or profiteering, or something harmful, but all that has occurred has been of benefit for all from my perspective.

Thus far we have never encountered a problem where a package will install on one of our machines, but have problems on the others. Normally we only seek out packages that interest us from koji. But all of our servers (eight between us) have the testing channel enabled, so we do run into packages occasionally that may have problems and they are usually reported on by David.

Anyway, I wish to feel goodwill now and go back to testing. Unless there are any problems with that. We three can try not to agree with each other whether or not we find bugs (ha ha, but I doubt it ;)).

Alisa

:: sigh :: we closed the matter in your favour but for some reason that wasn't good enough so I'll play this game.

Have we EVER been wrong in our deductions?

I don't know

Is working as a group (and a wee group of three at that!) against the rules?

Nope, it isn't.

The problem comes in when we contacted you with this ticket almost as soon as it was created and you said nothing. Then threatened us with legal actions, then you started changing entire names and email addresses of the accounts in question. Had you just said "oh, it's actually three of us all just here working together" that could have ended it right there. But that's not even remotely what you did. We very much appreciate the work that you do, really. But you need to at least examine your actions and realize that mschwendt had a valid concern and you could have cleared it up within the first 5 minutes if you wanted.

Replying to [comment:10 mmcgrath]:

Wow, sorry I've made you sigh. I didn't want to play any games. I merely wanted to put in my 2 cents when I had the time, I apologize I was slow to answer. This is not my main area of interest, just one of many. mschwendt may have had a point, but what a negative way to spend his time IMO. I'm happy it is closed. Goodwill to all. Alisa Cottle

OMG, stop the drama! ;)

Only after mmcgrath had closed this ticket WONTFIX (because foul-play is a hard problem and you do know that as one who runs own forums) you consider it the right time to add a comment? Eeeww, come on, that is ridiculous. This situation is not at all positive for you. WONTFIX here just means that not much else can be done this time other than to hope for a change in your attitude. There's too much room for manipulation (some which you have pointed out yourself). And so far you haven't done anything for a good reputation.

Quote: I can assign another person who also maintains a server responsible for it. (David Cottle)

[...]

So, for the sake of clarity, I need to add something, too:

First of all, I'm not the only one who noticed the suspicious voting activity in bodhi. I'm not the only one who was annoyed by it. I'm not the only one either who found the evidence back-breaking. I was just the one who thought "well, let's confront the three userids with the facts". To be short and blunt was one of multiple options. Your response would not have been different anyway. You defended your activity with the existence of multiple servers. Ouch.

Secondly, prior to my initial mail, I was fully aware of Alisa Cottle based on what can be found easily on 1-2 of the web-pages. Example: a page with family information and pictures, a forum user profile, and a link to another web page for her field of interest.

Still, it doesn't matter. Two of the Fedora accounts being assigned to David Cottle and his email addresses, and all three very often voting with a delay of just ~25 seconds (which is approximately the time it takes to relogin or switch sessions) is just too much reason to be certain that only one person is the updates addict who does all this. At the bottom of the top of this ticket you can find a public comment about this where I've expanded on this before.
To sum it up: I consider it very unlikely that even if three persons sit next to each other, they would practise submitting their votes at once, on multiple packages, and day by day (see top of this ticket). That's even less likely if one of the three repeatedly tries to coerce package maintainers into pushing unreleased minor updates to the stable repositories.

What has happened here is that after voting a hundred times +1 with only limited influence on the package release process, the single enthusiast tried to increase the influence by voting +3 (and hoping to trigger auto-pushes).

You want to help the Fedora Project? Then please do understand the importance of the QA process. It is important for updates to be offered as test updates for some time, so the community gets a chance to try them. It is not enough if a single person tries them even before they are published (from koji or "pending"). Don't urge packagers so often to skip updates-testing. Take your time to test updates painstakingly, especially kernels. You think multiple servers matter? Then please become active in the QA team and look for future ways how to gain more than +1 karma points per update. I'm certain there are possibilities.

mschwendt may have had a point, but what a negative way to spend his time IMO.

Worse can be thought about creating fake accounts and submitting fake votes in bodhi. Do you think I enjoyed the discovery?
