Hello,
Recently, we had DoS-like episodes on the main Linaro git server, http://git.linaro.org , which affected number of Linaro users, including users of Gerrit system, http://review.linaro.org .
These episodes were related to unfriendly usage of native protocol, git:// (service port 9418). The implementation of this protocol is known to be resource-hungry and not scale to many connections and users. The issue itself is not new, it is something which affected us in waves over last 3 years, and a resolution for which was established a year ago, providing 2 HTTP-based protocols (so called "dump" and "smart" protocols) as more scalable replacement.
So, this is a gentle reminder that use of git:// protocol by is discouraged for Linaro engineers, and completely unsupported(*1) for third parties. Based on the analysis and outcome of the current DoS-like activity, we may need to make git:// access more limited and strict. So, please kindly:
1. Check URLs you use for cloning and updating your local trees. If you use "ssh://" or "http(s)://" protocols, you're ok. If you use git://, please switch to using http-based protocol instead. In most cases, this requires just replacing "git://" schema with "http://". If in doubt, please visit gitweb page for your repositories, which lists all supported URLS to clone a repository, e.g.: https://git.linaro.org/arm/arm-trusted-firmware.git
2. If you set up of oversee CI or automated build jobs, please audit and apply similar changes to them.
Thanks, Paul, on behalf of Linaro Systems Team and ITS
(*1) Unsupported in the current context means that "git://" URLs are not published in up-to-date information, and there's no warranty that any 3rd party will be able to complete a clone successfully using this protocol.
Linaro.org | Open source software for ARM SoCs Follow Linaro: http://www.facebook.com/pages/Linaro http://twitter.com/#%21/linaroorg - http://www.linaro.org/linaro-blog