Keep GitLab users growth in check

We currently have 5.4k GitLab users. Dozens are created every day. At least half of them:

• have never had any activity on our GitLab
• have not confirmed their email address
• are somewhat shady, or clearly spammy

One drawback of this situation is that this impacts our automated (but manually run) GitLab triaging process, which for technical reasons has to iterate over every user. A year ago it took a dozen minutes, nowadays it takes more than 1 hour, which is starting to be impractical.

I think there are other drawbacks of being so open to registration.

Can we mitigate this growth, somehow, without adding too much friction to contribution?

Nasty contents is visible for example there:

• https://gitlab.tails.boum.org/explore
• https://gitlab.tails.boum.org/explore/snippets

Short-term mitigation plan

• Block/disable SPAM accounts (manually and aided by the users cleanup script)
• Check how gitlab deals with username collisions between different authentication realms
• Purge all blocked and deactivated accounts after 2 months (mid/end of July)
• Enable login with GitHub and 0xacab (for example)
  • 0xacab requires an e-mail account from a list of trusted providers.
  • GitHub has the best antispam money can buy and MS can implement.
• Update documentation accordingly.