Core Toolchain Infrastructure - Services for glibc

Florian Weimer fweimer@redhat.com
Thu Aug 3 10:10:00 GMT 2023 

* Konstantin Ryabitsev:

> On Fri, Jul 14, 2023 at 01:38:00PM +0200, Florian Weimer wrote:
>> >  * Support public-inbox for mailing list archives.
>> >  * Use of public-inbox means archives can be cloned and copied.
>> >  * Use of LF IT Subspace mailing list services (mlmmj, postfix).
>> 
>> I assume LF IT is able to run mailing lists without “via” From:
>> rewriting?
>
> Yes, that practice is horrible and we do not support it in any way shape or
> form for mailing lists.

That's good to know.

>> > * bug database
>> >  * Consider starting fresh in new Bugzilla 5.0.4+ instance and freeze old product.
>> >  * glibc component in sourceware instance marked "Not open for new bugs."
>> >  * No easy way to clone this but we can discuss options.
>> >  * Isolate bugzilla from other services.
>> 
>> Does LF IT offer some Bugzilla anti-spam services?  To what extent do we
>> need to constrain new sign-ups?
>
> We have various approaches here, depending on the project.
>
> We do not constrain sign-ups for bugzilla.kernel.org. We have a script
> that reports new comments containing links or potentially spammy
> attachments. These comments are junked and accounts posting them are
> banned.
>
> We do constrain sign-ups for bugzilla.yoctoproject.org -- users must
> request a new account to be created before they can file any bugs.

Okay, so there are options, good.

>> Can we keep using the AdaCore hooks?  Or would they have to run on the
>> side somehow?  Who is going to implement changes to the AdaCore scripts?
>
> This is the main point of contemplation -- we do not currently support custom
> hooks on the server side:
>
> - they tend to significantly slow down pushes
> - they run extensive codebases with the same permissions as the owner of the
>   repositories, significantly increasing security risks
>
> Our recommendation was to move all CI tasks to a system that is better
> suited for it. For example, CI can run on a patchwork system and the
> pre-commit hook can then check that each commit matches a patchwork
> entry that passed CI.

One way to deal with this on our end would be a policy that allows
branch rebases to pull faulty commits for a time.  Lately we have pushed
some misformatted commit messages in the current setup, with its commit
hooks.

Thanks,
Florian

More information about the Libc-alpha mailing list