Re: Emba project visibility

[J.P.]

Joel Reicher <joel.reicher@gmail.com> writes:

> "J.P." <jp@neverwas.me> writes:
>
>> For a few years now, ERC has been running a cron that monitors the
>> buildstatus list and scrapes raw job logs like
>>
>>   https://emba.gnu.org/emacs/emacs/-/jobs/104337/raw
>>
>> looking for any ERC-related failures. (FWIW, we originally used the
>> junit-test-report.xml artifact but ran into occasional parsing snags.)  If
>> the cron finds something relevant, it emits an alert to an IRC channel for
>> our maintainers to see. Obviously, this has ceased to function of late.
>
> Sorry for the delay in responding; it's been a week.
>
> I've "opened up" access again so that the link above should work. I am fairly
> sure EMBA will start getting attacked again, but instead of reverting the
> change I've just made I will instead try to narrow access while keeping that
> link working; it gives me a test case I can use.

Narrowing makes sense. In addition to those /raw blob files, it would
also be helpful to exempt individual resources in the navigable
artifacts endpoints under each job, for example:

  
https://emba.gnu.org/emacs/emacs/-/jobs/104337/artifacts/file/test-all-inotify-f0bec20a/junit-test-report.xml

> Regarding a more sophisticated protection mechanism such as Anubis, it and
> others are getting a lot of discussion amongst the FSF tech staff as all of
> the FSF assets are getting assaulted by the same things that were bringing
> down EMBA. I am monitoring that discussion for things that I can use with
> EMBA, but the current view is that Anubis doesn't comply with FSF's freedom
> standards because it uses JS.

I'd interested in following along if any of those discussions are public
or become so in the future. Thanks a lot for doing this.