On Fri, Aug 29, 2014 at 7:57 AM, Andy Doan <andy.d...@linaro.org> wrote: > On 08/28/2014 11:30 PM, John Stultz wrote: >> On Thu, Aug 28, 2014 at 2:51 PM, Paul Sokolovsky >> <paul.sokolov...@linaro.org> wrote: > >>> The case we have with git:// is that small number of users can hog >>> almost all resources of a server. This can happen at release time and >>> block work of Linaro engineers, something like that happened this time. >> >> Do we have a sense of who those users (IPs? which tree they are pulling?) >> are? > > It appears to have been one IP address for both "attacks". (I use that > term loosely because they may not have known they were causing this). > > Around 5UTC this morning I noticed the same user was causing a small > resource spike again. They were limiting themselves to about 4-5 > concurrent connections, which the server had no problems with. The 2 > trees being cloned were linux-linaro-tracking.git and your android.git.
Interesting to hear the android.git tree is part of it. Will ping the few folks I know who pull regularly. > This makes me think the use has no ill-intentions, they just want to > clone a bunch of code at the same time. > >> Also I think continuing discussion w/ the kernel.org folks to >> understand their infrastructure would be good. They really started >> taking things seriously after their compromise, and it would be good >> for us to learn from their experience and take things similarly >> seriously before any such problems arise for us. > > +1 on that One more point of concern here. For all the git URLs that I have that use http (kernel.org as well as Google's Android urls), its actually https they're using. Maybe shouldn't we be using https: for these urls as well? thanks -john _______________________________________________ linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
