[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Automated usage of Gitlab
From: Ben Cooksley <bcooksley () kde ! org>
Date: 2022-07-04 9:30:08
Message-ID: CA+XidOGhukeovTr8g6uN7cvaC32fBnbFK7Q5+5rRAMauRu5jQg () mail ! gmail ! com
[Download RAW message or body]
On Mon, Jul 4, 2022 at 5:11 AM Julius K=C3=BCnzel <jk.kdedev@smartlab.uber.=
space>
wrote:
> 3. Juli 2022 um 13:43, "Nicolas Fella" <nicolas.fella@gmx.de> schrieb:
>
> >
> > On 7/3/22 12:45, Ben Cooksley wrote:
> >
> > >
> > > Hi all,
> > >
> > > Recent analysis of the logs of our Giltab instance has revealed
> > > numerous instances of files being directly retrieved from Gitlab
> > > (using the /raw/ API). Much to my incredible sadness, this has
> > > included accesses being made by KDE Applications themselves.
> > >
> > > As a reminder, automated access to the "raw files" API of Gitlab is
> > > strictly prohibited and not permitted under any circumstances. The
> > > only use of it which is allowed is within .gitlab-ci.yml files to
> > > import job definitions from sysadmin/ci-utilities.
> > >
> > > At this time I am tracking:
> > > - Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -
> > > FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in
> > > Microsoft Azure using curl.
> > >
> > > - Retrieval of *.colors files from the Breeze repositories,
> > > originating from KDE CI/CD servers, likely as a consequence of unit
> > > tests or Craft builds
> > >
> >
> > That looks like
> >
> https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/k=
demultimedia/kdenlive/kdenlive.py#L116
> >
> > That's the only usage of raw invent URLs I see in craft-blueprints-kde
>
> I removed that code now. It was introduced in a pre GitLab time and later
> just ported, but not need anymore. See
> https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6=
deaf3183723575d487379f01525607
Thanks for fixing that Julius - appreciated!
>
>
> >
> > >
> > > - Retrieval of various code examples from various repositories,
> > > originating from KDE CI/CD servers, likely due to unit tests or Craf=
t
> > > builds utilising them
> > >
> > > - Retrieval by Digikam itself of files from the Digikam code
> > > repository (see
> > >
> https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlinever=
sion/onlineversionchecker.cpp
> )
> > >
> > > The last one is particularly upsetting, as this is how we ended up
> > > with a bad situation with Discover.
> > >
> > > Developers - please discuss with Sysadmin before implementing
> > > functionality in your software that communicates with KDE.org
> > > infrastructure so we can ensure that the endpoints you are contactin=
g
> > > are highly scalable.
> > > Gitlab does not meet this criteria by any definition at all.
> > >
> > > If we could please get these corrected that would be appreciated.
> > >
> > > Thanks,
> > > Ben
> > >
> >
>
Cheers,
Ben
>
> Julius K=C3=BCnzel
> Volunteer KDE Developer, mainly hacking Kdenlive
> KDE GitLab: https://my.kde.org/user/jlskuz/
> Matrix: @jlskuz:kde.org
>
[Attachment #3 (text/html)]
<div dir="ltr"><div dir="ltr">On Mon, Jul 4, 2022 at 5:11 AM Julius Künzel <<a \
href="mailto:jk.kdedev@smartlab.uber.space">jk.kdedev@smartlab.uber.space</a>> \
wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">3. Juli 2022 um 13:43, "Nicolas Fella" \
<<a href="mailto:nicolas.fella@gmx.de" \
target="_blank">nicolas.fella@gmx.de</a>> schrieb:<br> <br>
> <br>
> On 7/3/22 12:45, Ben Cooksley wrote:<br>
> <br>
> > <br>
> > Hi all,<br>
> > <br>
> > Recent analysis of the logs of our Giltab instance has revealed<br>
> > numerous instances of files being directly retrieved from Gitlab<br>
> > (using the /raw/ API). Much to my incredible sadness, this has<br>
> > included accesses being made by KDE Applications themselves.<br>
> > <br>
> > As a reminder, automated access to the "raw files" API of \
Gitlab is<br> > > strictly prohibited and not permitted under any \
circumstances. The<br> > > only use of it which is allowed is within \
.gitlab-ci.yml files to<br> > > import job definitions from \
sysadmin/ci-utilities.<br> > > <br>
> > At this time I am tracking:<br>
> > - Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -<br>
> > FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in<br>
> > Microsoft Azure using curl.<br>
> > <br>
> > - Retrieval of *.colors files from the Breeze repositories,<br>
> > originating from KDE CI/CD servers, likely as a consequence of unit<br>
> > tests or Craft builds<br>
> > <br>
> <br>
> That looks like<br>
> <a href="https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116" \
rel="noreferrer" target="_blank">https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116</a><br>
> <br>
> That's the only usage of raw invent URLs I see in craft-blueprints-kde<br>
<br>
I removed that code now. It was introduced in a pre GitLab time and later just \
ported, but not need anymore. See <a \
href="https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6deaf3183723575d487379f01525607" \
rel="noreferrer" target="_blank">https://invent.kde.org/packaging/craft-blueprints-kde \
/-/commit/26d86498d6deaf3183723575d487379f01525607</a></blockquote><div><br></div><div>Thanks \
for fixing that Julius - appreciated!</div><div> </div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><br> <br>
> <br>
> > <br>
> > - Retrieval of various code examples from various repositories,<br>
> > originating from KDE CI/CD servers, likely due to unit tests or Craft<br>
> > builds utilising them<br>
> > <br>
> > - Retrieval by Digikam itself of files from the Digikam code<br>
> > repository (see<br>
> > <a href="https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp" \
rel="noreferrer" target="_blank">https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp</a>)<br>
> > <br>
> > The last one is particularly upsetting, as this is how we ended up<br>
> > with a bad situation with Discover.<br>
> > <br>
> > Developers - please discuss with Sysadmin before implementing<br>
> > functionality in your software that communicates with KDE.org<br>
> > infrastructure so we can ensure that the endpoints you are contacting<br>
> > are highly scalable.<br>
> > Gitlab does not meet this criteria by any definition at all.<br>
> > <br>
> > If we could please get these corrected that would be appreciated.<br>
> > <br>
> > Thanks,<br>
> > Ben<br>
> ><br>
><br></blockquote><div><br></div><div>Cheers,</div><div>Ben</div><div> \
</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px \
solid rgb(204,204,204);padding-left:1ex"> <br>
Julius Künzel<br>
Volunteer KDE Developer, mainly hacking Kdenlive<br>
KDE GitLab: <a href="https://my.kde.org/user/jlskuz/" rel="noreferrer" \
target="_blank">https://my.kde.org/user/jlskuz/</a><br>
Matrix: @jlskuz:<a href="http://kde.org" rel="noreferrer" \
target="_blank">kde.org</a><br> </blockquote></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic