Mitigating KNS/Discover impact in our servers

[Aleix Pol]

On Wed, Feb 9, 2022 at 6:45 PM Aleix Pol <aleixpol at kde.org> wrote:
>
> Dear distributors,
> In the last few days, we have been looking into mitigating the impact
> of Discover against certain KDE web services.
>
> Some of the problems can be addressed in the service itself but not
> them entirely, so it would be useful if the following changes were
> backported into your own packaging. We have already included it in our
> stable branches but on the distributions that ship unsupported
> versions of our software it would be useful you can apply these
> patches.
>
> https://invent.kde.org/frameworks/knewstuff/-/commit/c8165b7a0d622e318b3353ccf257a8f229dd12c9
> https://invent.kde.org/frameworks/knewstuff/-/commit/e1c6f2bf383876a31cd3e3f9e6edcaa19dc0a7dd
>
> https://invent.kde.org/plasma/plasma-desktop/-/commit/b85cf34298c274b5f16cb6c2aead7b87f0dabbb8
> https://invent.kde.org/plasma/discover/-/commit/6257e21c313e21afd80d101d24c78d66621236b1
>
> If you feel unsure about the patch on a specific branch, feel free to
> contact me here or in private and I will backport it if necessary.
>
> Plasma 5.24.0 has already some of these mitigations, Plasma 5.24.1 and
> KDE Frameworks 5.92 should have these all plus some others that also
> help.
>
> Please excuse the inconvenience.
>
> Best regards,
> Aleix

Hello again,
I have been asked to remind you that in case you didn't want to apply this patch
https://invent.kde.org/frameworks/knewstuff/-/commit/c8165b7a0d622e318b3353ccf257a8f229dd12c9

It would be useful if you could instead (or additionally, they're good
changes too) apply the following:
https://invent.kde.org/plasma/kdeplasma-addons/-/commit/3e24d34d9c36b61973871b0dadb6c11e798348f4
https://invent.kde.org/plasma/plasma-workspace/-/commit/fb5656eaf2e021e6a9288edd00573c14afe6e115
https://invent.kde.org/plasma/plasma-workspace/-/commit/b49a102074087e6680f330fcf61cebdeeac306b7

Aleix