On Fri, Aug 29, 2014 at 7:57 AM, Andy Doan andy.doan@linaro.org wrote:
On 08/28/2014 11:30 PM, John Stultz wrote:
On Thu, Aug 28, 2014 at 2:51 PM, Paul Sokolovsky paul.sokolovsky@linaro.org wrote:
The case we have with git:// is that a small number of users can hog almost all resources of a server. This can happen at release time and block the work of Linaro engineers; something like that happened this time.
Do we have a sense of who those users (IPs? which tree they are pulling?) are?
It appears to have been one IP address for both "attacks". (I use that term loosely because they may not have known they were causing this).
Around 5 UTC this morning I noticed the same user was causing a small resource spike again. They were limiting themselves to about 4-5 concurrent connections, which the server had no problems with. The 2 trees being cloned were linux-linaro-tracking.git and your android.git.
Interesting to hear the android.git tree is part of it. Will ping the few folks I know who pull regularly.
This makes me think the user has no ill intentions; they just want to clone a bunch of code at the same time.
Also I think continuing discussion w/ the kernel.org folks to understand their infrastructure would be good. They really started taking things seriously after their compromise, and it would be good for us to learn from their experience and take things similarly seriously before any such problems arise for us.
+1 on that
One more point of concern here. For all the git URLs that I have that use http (kernel.org as well as Google's Android URLs), it's actually https they're using. Maybe we should be using https: for these URLs as well?
thanks -john