Would be great to comment on the Jira ticket. I think there is some misunderstanding of the problem on the side of INFRA and I think we need to convince them they have not assessed the consequences properly.
On Tue, 14 Feb 2023 at 01:02, Pierre Jeambrun <pierrejb...@gmail.com> wrote:

> Hello,
>
> I share Jarek and Dennis' concerns.
>
> It would be very hard to maintain enough responsiveness to not discourage external contributions while still trying to actually check the changes before approving a workflow.
>
> We have hundreds of workflows a day (~150 - 200 in the last 24 hours, it would be interesting to have an average number here). Even without internal contributions that would still leave a substantial amount to check, we divide that by the number of active committers and this is... terrifying.
>
> I really hope that we can find another way to prevent GHA abuse.
>
> Best Regards,
> Pierre
>
> On Mon, 13 Feb 2023 at 21:59, Jarek Potiuk <ja...@potiuk.com> wrote:
>
>> For others who might also share the same concerns, my ticket where I explain what effects it will have on our project, and in comment I also respond to Greg's worries about stealing individual accounts.
>>
>> https://issues.apache.org/jira/browse/INFRA-24200
>>
>> Maybe for other projects it is not as important as it is for Airflow, maybe the amount of traffic and outside contributors is not that bad - and for those projects I think the policy might make sense. But I strongly believe that for many projects that have a lot of outside contributors it will have a similar effect as I believe it will have for Airflow (and the goal of increased security will not be achieved).
>>
>> And I do not want to argue, Greg, nor shout at anyone (so just anticipating, I would really appreciate not shouting at me for raising a yellow flag).
>>
>> I am not saying that it is all "wrong" and making a revolution. I just think that you should reconsider the policy of disabling it for everyone and then "justifying" why you need an exception rather than just (how it was so far) choosing appropriate policy via .asf.yml.
>>
>> I believe the reasons everyone will mention in their tickets will be similar to ours and maybe, just maybe, simply leaving it up to a project to control the policy (with default "require approval") is much better than top-bottom forcing it and expecting some kind of justification.
>>
>> Quoting a person from my project:
>>
>> 'Yeah, that sounds like a really bad decision for our workflow. It makes me wonder how other projects are handling their workflow if this doesn't break them. I can only see this working for a small team who are all/mostly committers and rarely get outside contributions.'
>>
>> J.
>>
>> On Mon, Feb 13, 2023 at 9:26 PM Jarek Potiuk <ja...@potiuk.com> wrote:
>>>
>>> Surely. I will.
>>>
>>> On Mon, Feb 13, 2023 at 9:01 PM Greg Stein <gst...@gmail.com> wrote:
>>>>
>>>> 1. JohnDoe submits a PR, and somebody on the PMC flips the bit to allow GHA to run now and in the future.
>>>> 2. BlackHat steals JohnDoe's credentials
>>>> 3. BlackHat submits a PR to mine crypto. GHA starts running before any human can stop it.
>>>>
>>>> Explain how to correct that in your ticket.
>>>>
>>>> Cheers,
>>>> -g
>>>>
>>>> On Mon, Feb 13, 2023 at 1:56 PM Jarek Potiuk <ja...@potiuk.com> wrote:
>>>>>
>>>>> I will raise a ticket and explain.
>>>>>
>>>>> But this would be a huge blow to the Airflow community and almost immediate burn-out of the active committers if it goes live for Airflow. And likely many other projects.
>>>>>
>>>>> I am very strongly convinced it should not be enforced.
>>>>>
>>>>> J.
>>>>>
>>>>> On Mon, Feb 13, 2023 at 8:51 PM Daniel Gruno <humbed...@apache.org> wrote:
>>>>>>
>>>>>> To Project PMCs:
>>>>>>
>>>>>> GitHub for Apache projects is currently set to allow a non-committer contributor to use GitHub Actions if a previous pull request by that person has been approved.
>>>>>>
>>>>>> This has raised some security concerns, and could cause issues with overall use and availability of GitHub Actions.
>>>>>>
>>>>>> The Infrastructure Team proposes to change the default to “always require approval for external contributors”. We intend to make this change on Sunday the 19th of March, 2023.
>>>>>>
>>>>>> This change will apply to all GitHub repositories that do not already have a specific GitHub Actions policy set.
>>>>>>
>>>>>> Projects that have a strong desire to use the “only need approval first time” option should communicate that, explaining their reasons, in a Jira ticket for Infra. Please be as specific as you can in which repositories you wish to have this option set for, should you choose to.
>>>>>>
>>>>>> With regards,
>>>>>> Daniel, on behalf of the ASF Infrastructure Team.