
List:       kde-devel
Subject:    Automated usage of Gitlab
From:       Ben Cooksley <bcooksley () kde ! org>
Date:       2022-07-03 10:45:37
Message-ID: CA+XidOE8qNmCYiuQSSjr=yMCqdqRvd9nPWeWqzFmdgF5pdM-_g () mail ! gmail ! com

Hi all,

Recent analysis of the logs of our Gitlab instance has revealed numerous
instances of files being directly retrieved from Gitlab (using the /raw/
API). Much to my incredible sadness, this has included accesses being made
by KDE Applications themselves.

As a reminder, automated access to the "raw files" API of Gitlab is
strictly prohibited and not permitted under any circumstances. The only use
of it which is allowed is within .gitlab-ci.yml files to import job
definitions from sysadmin/ci-utilities.

At this time I am tracking:
- Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -
FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in
Microsoft Azure using curl.

- Retrieval of *.colors files from the Breeze repositories, originating
from KDE CI/CD servers, likely as a consequence of unit tests or Craft
builds

- Retrieval of various code examples from various repositories, originating
from KDE CI/CD servers, likely due to unit tests or Craft builds utilising
them

- Retrieval by Digikam itself of files from the Digikam code repository
(see
https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp
)

The last one is particularly upsetting, as this is how we ended up with a
bad situation with Discover.

Developers - please discuss with Sysadmin before implementing functionality
in your software that communicates with KDE.org infrastructure so we can
ensure that the endpoints you are contacting are highly scalable.
Gitlab does not meet these criteria by any definition at all.

If we could please get these corrected that would be appreciated.

Thanks,
Ben
