<div dir="ltr"><div dir="ltr">On Mon, Jul 4, 2022 at 5:11 AM Julius Künzel <<a href="mailto:jk.kdedev@smartlab.uber.space">jk.kdedev@smartlab.uber.space</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">3. Juli 2022 um 13:43, "Nicolas Fella" <<a href="mailto:nicolas.fella@gmx.de" target="_blank">nicolas.fella@gmx.de</a>> schrieb:<br>
<br>
> <br>
> On 7/3/22 12:45, Ben Cooksley wrote:<br>
> <br>
> > <br>
> > Hi all,<br>
> > <br>
> > Recent analysis of the logs of our Giltab instance has revealed<br>
> > numerous instances of files being directly retrieved from Gitlab<br>
> > (using the /raw/ API). Much to my incredible sadness, this has<br>
> > included accesses being made by KDE Applications themselves.<br>
> > <br>
> > As a reminder, automated access to the "raw files" API of Gitlab is<br>
> > strictly prohibited and not permitted under any circumstances. The<br>
> > only use of it which is allowed is within .gitlab-ci.yml files to<br>
> > import job definitions from sysadmin/ci-utilities.<br>
> > <br>
> > At this time I am tracking:<br>
> > - Retrieval of qt/qt/qtbase - .qmake.conf and extra-cmake-modules -<br>
> > FindUDev.cmake and COPYING-CMAKE-SCRIPTS from systems operating in<br>
> > Microsoft Azure using curl.<br>
> > <br>
> > - Retrieval of *.colors files from the Breeze repositories,<br>
> > originating from KDE CI/CD servers, likely as a consequence of unit<br>
> > tests or Craft builds<br>
> > <br>
> <br>
> That looks like<br>
> <a href="https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116" rel="noreferrer" target="_blank">https://invent.kde.org/packaging/craft-blueprints-kde/-/blob/master/kde/kdemultimedia/kdenlive/kdenlive.py#L116</a><br>
> <br>
> That's the only usage of raw invent URLs I see in craft-blueprints-kde<br>
<br>
I removed that code now. It was introduced in a pre GitLab time and later just ported, but not need anymore. See <a href="https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6deaf3183723575d487379f01525607" rel="noreferrer" target="_blank">https://invent.kde.org/packaging/craft-blueprints-kde/-/commit/26d86498d6deaf3183723575d487379f01525607</a></blockquote><div><br></div><div>Thanks for fixing that Julius - appreciated!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
> <br>
> > <br>
> > - Retrieval of various code examples from various repositories,<br>
> > originating from KDE CI/CD servers, likely due to unit tests or Craft<br>
> > builds utilising them<br>
> > <br>
> > - Retrieval by Digikam itself of files from the Digikam code<br>
> > repository (see<br>
> > <a href="https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp" rel="noreferrer" target="_blank">https://invent.kde.org/graphics/digikam/-/blob/master/core/libs/onlineversion/onlineversionchecker.cpp</a>)<br>
> > <br>
> > The last one is particularly upsetting, as this is how we ended up<br>
> > with a bad situation with Discover.<br>
> > <br>
> > Developers - please discuss with Sysadmin before implementing<br>
> > functionality in your software that communicates with KDE.org<br>
> > infrastructure so we can ensure that the endpoints you are contacting<br>
> > are highly scalable.<br>
> > Gitlab does not meet this criteria by any definition at all.<br>
> > <br>
> > If we could please get these corrected that would be appreciated.<br>
> > <br>
> > Thanks,<br>
> > Ben<br>
> ><br>
><br></blockquote><div><br></div><div>Cheers,</div><div>Ben</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Julius Künzel<br>
Volunteer KDE Developer, mainly hacking Kdenlive<br>
KDE GitLab: <a href="https://my.kde.org/user/jlskuz/" rel="noreferrer" target="_blank">https://my.kde.org/user/jlskuz/</a><br>
Matrix: @jlskuz:<a href="http://kde.org" rel="noreferrer" target="_blank">kde.org</a><br>
</blockquote></div></div>