I do understand the practical problems (blockers, malware detection) and understand that people might have ideological issues with 'mining'.
But requiring a proof of work is defendable to your audience, I'd say.
@berkes You say a captcha per issue? Hmm ... not sure what to think, also there are very legitimate use cases to create issues via API, for example from CI.
@codeberg technically, an API could require a proof-of-work. I'm not aware of existing libraries or implementations.
The client (including the web-version) would then need to 'mine' some hashes before submitting a request(I.e. hashcash). Acting as captcha for API and web. Costing a normal user tiny amounts of electricity and delay, but bots large amounts of resources.
And if those hashes then bring in some micropayments, its a win-win.
@codeberg to clarify: each request needs such a PoW in a header or as part of the payload.
But this sounds like a big project on its own. Maybe others have built this already? Could be in the form of a HTTP proxy even.
@berkes "Costing a normal user tiny amounts of electricity and delay, but bots large amounts of resources." A swarm of bot is based on piracy, they don't care about electricity because they don't pay it. @codeberg I suggest asking project owners to moderate issues before these issues are made public. And flag projects that authorize too much issues for manual inspection.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!