I was a bit worried about the word "useless" in the subject :-) but the mail
sounds like we are talking about quite the opposite thing.

> From: "Tomas Tomecek" <ttome...@redhat.com>
> Would that be a big deal if packit-service sent thousands of build
> requests within a short period of time?

From time to time, some users submit several thousands of builds in a short
period of time.  Copr should survive, but naturally you might have to wait
some time (hours, if the packages are average) till everything is
processed for your 'packit' user.

> Context: right now in our packit github app we only allow builds being
> triggered by "trusted" contributors. So if a person opens a PR on a
> project and is not a contributor, that request is not being built - the
> project maintainer needs to trigger the build manually. We received
> suggestions to drop this and build all PRs no matter who contributed
> them.

Here I'd rather think about security.  RPM build is a Turing-complete
process, and if anyone can run builds under your name ... potentially
go breaking builders that can be reused for other builds ...  PR builds
should be at least in a separate project for each of your users.

> Our main concern is that someone could create a malicious contribution
> which would get into copr or some bot would open thousands of useless
> PRs, thus DoSing CI systems.

This would overload the 'packit' copr account, but not the whole copr.  If something
dramatic happened, we'd have to eventually cancel the batch of builds.
But several thousands in queue are just known to work.

> Did you already have problems with this? Would this be a concern?

Historically, but currently Fedora Copr scales pretty well.  The major
concern is storage, so preferably all the projects should be removed
after some time, not stored indefinitely.

Pavel

> [using user-cont-team@ ML since that's our only public list]
>
> Tomas