this is not an official OSMF board statement. I wrote this just before going to sleep.
You linked one of obvious pieces. In long term, increase capacity of osm.org website development is a goal and given what happened better security and moderation would be almost certainly among priorities.
(ongoing fundraising is a piece of that)
Code needs to be reviewed before it is deployed. This is done to prevent exciting events such as “we lost all our data” or “now noone understands code of the project”.
Note that currently OSMF staff (listed at Contractors and employees - OpenStreetMap Foundation ) includes:
- Site Reliability Engineer (not a programmer!)
- iD developer (distinct from Ruby on Rails used by website)
Neither develops GitHub - openstreetmap/openstreetmap-website: The Rails application that powers OpenStreetMap - this is done entirely by volunteers.
Personally I am not really qualified to even review such pull request. If you are not either, please do not comment on Add support for rate limiting signup requests by tomhughes · Pull Request #4198 · openstreetmap/openstreetmap-website · GitHub - especially complaints “why it is not done yet” variety. This is not productive way to motivate volunteers.
Yes, there are some attempts to improve situation, especially long-term.
If there is some obvious quick-acting thing that OSMF board can do and it missed it then I would gladly learn about it. Sadly just making something high priority does not result in desired effects.
Some steps were taken with coordination (deliberately not mentioning specifics, not sure how much of that should be shared).
Yes, I am aware of some low hanging-fruit. Like Prevent blocked users from signing up with the "same email address" again and again · Issue #4206 · openstreetmap/openstreetmap-website · GitHub or rate-limit changeset comments · Issue #4196 · openstreetmap/openstreetmap-website · GitHub (that resulted for example in Add rate limiting for changeset comments by tomhughes · Pull Request #4202 · openstreetmap/openstreetmap-website · GitHub - nice to see that apparently my comment turned out to be sort of useful. Feel free to blame me if legitimate changeset comments will fail once this is merged.)
Hiring someone on short notice to implement this is not really feasible.
I had some ideas, but they turned out to be not viable.