Good Morning Everyone,
I'm starting to give some thoughts to: https://pagure.io/pagure/issue/861 which
asks for the feature to generate tarballs on commits/tags.
The code I have in mind will dedicate the generation of the tarball to the
workers as I guess it can be quite time costly for large repo.
One challenge I see with this feature is: how to prevent it from being used to
DDoS an instance?
Say, how to prevent bots/spammers from asking a tarball for every commit in the
kernel git repo? That'd fill up disk space pretty quickly and lead to DDoS for
Few things I have in mind:
- Do no re-generate the tarball for commits for which we already generated one
- Clean tarballs on a regular basis (say we keep them 6h, 12h or 24h)
- Prevent users from generating more than X tarballs per hours (say 3?)
Anything else you can think of that would help mitigate this potential issue?
Thanks for your thoughts,