http://tinderbox.mozilla.org/showbuilds.cgi?tree=Mozilla-l10n has a lot of starred builds which are spam comments. Not that we display the html, but is there anything we can do about that?
Not sure why this was moved back to Tinderbox... IT could look at the logs and block the spammers and/or remove their notes.
It was never in Tinderbox, it was in Release Engineering originally. I moved it to Tinderbox on the assumption that we wanted a long-term solution.
Add a captcha? I can't *believe* we're getting tinderbox comment spam, FWIW.
Before you start adding captchas, it would be worthwhile to send it back to IT ;) - are the spam comments actually coming from bots (which sounds insane on the face of it, but "crawl the web looking for any textarea and sticking HTML in it" can be a fairly successful approach), or from humans (which sounds equally insane, but blog comment spam is shifting that way)?