proposal for fedora11 feature ReviewOMatic

Jeff Spaleta jspaleta at gmail.com
Mon Jan 5 20:37:18 UTC 2009


On Mon, Jan 5, 2009 at 9:58 AM, Bill Nottingham <notting at redhat.com> wrote:
> Right, but you're an authorized user who (may) do some sort of rudimentary
> check for '100 GB source tarball' or 'is an obvious trojan', etc. before
> submitting the build. Would this automated system do that?

Limiting the number of requested queued builds in koji from this
system (or any user) might help limit DoS risk exposure. Putting some
limits on the srpm size which is allowed to be submitted would also
help.  This system could implement these sorts of limit checks as part
of the service if there was no desire to put the limits in koji
itself.

This automation does however bring up issues with koji resources. How
long do we make automated builds available for download before they
are garbage collected to make room for more? How much of koji's
disk space cache should be allocated to support automated review
builds?

Is koji garbage collecting binary builds currently?

The obvious trojan question is another issue entirely and would
require deep musing on what it means for anything to be obviously
malicious versus desired functionality.  As long as we can adequately
keep these packages from being candidates for repository inclusion
this issue is less problematic.

And then there is the related question... what about things which have
legal issues that would otherwise prevent us from normally
distributing. By automating the builds of such submissions are we
opening ourselves to enhanced legal risk?

I think if we limit this service to packages only from people who have
signed the appropriate CLA and are a sponsored contributor, then
both the obvious trojan risk and the legal liability of distribution
risk fall within already acceptable levels comparable to the review
process we have.  I would not offer this service to packages from any
new contributor who has not gone through the sponsorship
process, unless a sponsored contributor signs off and lets the
autobuilds go forward.

-jef
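The per-submitter queue cap and srpm size cap that the message above proposes, together with the "sponsored contributor only" gate, sketched as a small submission filter. This is an added example, not code from koji or from the ReviewOMatic proposal; the limit values, the sponsor roster, the function names and the sample submissions are all constructed for illustration.

```python
"""Pre-submission gate for an automated review-build service.

Added example, not koji's code and not part of the ReviewOMatic
proposal.  It enforces the two limits discussed in the thread:
  - a cap on how many builds one submitter may have queued at once
    (limits a single account flooding the build queue), and
  - a cap on the accepted SRPM size (the '100 GB source tarball' case).
Submitter eligibility (sponsored contributor who has signed the CLA)
is modelled as a simple allow-set.  All limit values, names and
sample submissions below are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

MAX_QUEUED_PER_SUBMITTER = 3          # assumed limit
MAX_SRPM_BYTES = 200 * 1024 * 1024    # assumed limit: 200 MiB


@dataclass
class Submission:
    submitter: str
    srpm_name: str
    srpm_bytes: int


@dataclass
class BuildGate:
    sponsored: set[str]                     # assumed roster of sponsored contributors
    max_queued: int = MAX_QUEUED_PER_SUBMITTER
    max_srpm_bytes: int = MAX_SRPM_BYTES
    queued: dict[str, list[str]] = field(default_factory=dict)  # submitter -> queued srpms

    def check(self, sub: Submission) -> tuple[bool, str]:
        """Return (accepted, reason).  Cheapest checks run first so an
        unsponsored submitter never consumes a queue slot or disk."""
        if sub.submitter not in self.sponsored:
            return False, "submitter is not a sponsored contributor"
        if sub.srpm_bytes > self.max_srpm_bytes:
            return False, (f"srpm too large: {sub.srpm_bytes} bytes "
                           f"> {self.max_srpm_bytes} bytes")
        if len(self.queued.get(sub.submitter, [])) >= self.max_queued:
            return False, f"submitter already has {self.max_queued} builds queued"
        return True, "ok"

    def submit(self, sub: Submission) -> tuple[bool, str]:
        """Run the checks and, if they pass, record the build as queued.
        (A real service would hand the srpm to koji at this point.)"""
        ok, reason = self.check(sub)
        if ok:
            self.queued.setdefault(sub.submitter, []).append(sub.srpm_name)
        return ok, reason

    def complete(self, submitter: str, srpm_name: str) -> None:
        """Free the submitter's slot once the build has finished or been
        garbage-collected; without this the cap would become permanent."""
        self.queued.get(submitter, []).remove(srpm_name)


def run_demo() -> list[tuple[str, bool]]:
    """Drive the gate with constructed submissions; returns (srpm, accepted)."""
    gate = BuildGate(sponsored={"alice", "bob"})   # constructed roster
    mib = 1024 * 1024
    results = []
    for sub in [
        Submission("alice", "foo-1.0-1.src.rpm", 5 * mib),      # ok
        Submission("alice", "bar-2.3-1.src.rpm", 6 * mib),      # ok
        Submission("alice", "baz-0.9-1.src.rpm", 7 * mib),      # ok, 3rd slot
        Submission("alice", "qux-1.1-1.src.rpm", 8 * mib),      # rejected: queue full
        Submission("bob", "huge-1.0-1.src.rpm", 300 * mib),     # rejected: too large
        Submission("mallory", "evil-1.0-1.src.rpm", 1 * mib),   # rejected: not sponsored
    ]:
        ok, _reason = gate.submit(sub)
        results.append((sub.srpm_name, ok))
    # One of alice's builds finishes, which frees a slot for the retry.
    gate.complete("alice", "foo-1.0-1.src.rpm")
    ok, _reason = gate.submit(Submission("alice", "qux-1.1-1.src.rpm", 8 * mib))
    results.append(("qux-1.1-1.src.rpm (retry)", ok))
    return results


if __name__ == "__main__":
    for name, accepted in run_demo():
        print(f"{'ACCEPT' if accepted else 'REJECT'}  {name}")
```

The ordering of the checks matters for the DoS concern: the sponsorship and size checks are done before any queue slot is consumed, so an unsponsored or oversized request never touches koji or its disk cache, and `complete()` is what ties the cap to the garbage-collection question raised above, since slots only return when a build is finished or reaped.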
