On 2019/01/06 18:43:16, Dominik Psenner <dpsen...@gmail.com> wrote: 
> On Sun, Jan 6, 2019, 19:32 Allen Wittenauer
> <a...@effectivemachines.com.invalid> wrote:
> 
> >
> > a) The ASF has been running untrusted code since before Github existed.
> > From my casual watching of Jenkins, most of the change code we run doesn’t
> > come from Github PRs.  Any solution absolutely needs to consider what
> > happens in a JIRA-based patch file world. [footnote 1,2]
> >
> 
> If some project build begins to draw resources in an extraordinary fashion
> it will be noticed. As a Logging PMC member I recommend that patchers open a pull
> request on GitHub and play with the source code to make it work. Either
> then or meanwhile we do code review to keep the iterations short.
> 

It is a *big* Jenkins, with no clear ownership. Those tend to have jobs run 
amok and nobody notices for a long time. That's just my experience, and I've 
only been a Jenkins committer since 2006, so what would I know.

> 
> > b) Making everything get reviewed by a committer before executing is a
> > non-starter.  For large communities, precommit testing acts as a way for
> > contributors to get feedback prior to a committer even getting involved.
> > This allows for change iteration prior to another human spending time on
> > it.  But the secondary effect is that it acts as a funnel: if a project
> > gets thousands of change requests a year [footnote 3], it’s now trivial for
> > committers to focus their energy on the ones that are closest to commit.
> >
> > c) We’ve needed disposable environments (what Stephen Connolly called
> > throwaway hardware and is similar to what Dominik Psenner talked about wrt
> > gitlab runners) for a while.  When INFRA enabled multiple executors per
> > node (which they did for good reasons), it triggered an avalanche of
> > problems:  maven’s lack of repo locking, noisy neighbors, Jenkins’ problems
> > galore (security and DoS which still exist today!), systemd’s cgroup
> > limitations, and a whole lot more.  Getting security out of them is really
> > just extra at this point.
> >
> > ====
> >
> > 1 - With the forced move to gitbox, this may change, but time will tell.
> >
> > 2 - FWIW: Gavin and I have been playing with Jenkins’ JIRA Trigger Plugin
> > and finding that it’s got some significant weaknesses and needs a lot of
> > support code to make viable. This means we’ll likely be sticking with some
> > form of Yetus’ precommit-admin for a while longer. :(  So the bright side
> > here is that at least the ASF owns the code to make it happen.
> >
> > 3 - Some perspective: Hadoop generated ~6500 JIRAs with patch files
> > attached last year alone for the nearly 15 or so active committers to
> > review.  If half of the issues had the initial patch plus a single
> > iteration, that’s 13,000 patches that got tested on Jenkins.
> 