My fault. I should not have upgraded the server. 

New release is patchbot tagged 2.7.1. Clients, please update.

On Thursday, 23 November 2017 at 18:43:43 UTC+1, Thierry (sage-googlesucks@xxx) wrote:
>
> Hi, 
>
> if you update the patchbot server to not send the list of trusted authors 
> anymore, please first provide an adapted version of the client (and imho, 
> continue to serve the file until all active clients get up-to-date) ! 
>
> I got: 
>
> [2017-11-23 15:35:10] Getting trusted author list... 
> [2017-11-23 15:35:10]  retry 9; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:35:41]  retry 8; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:36:11]  retry 7; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:36:41]  retry 6; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:37:11]  retry 5; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:37:41]  retry 4; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:38:11]  retry 3; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:38:41]  retry 2; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:39:12]  retry 1; HTTP Error 404: NOT FOUND 
> [2017-11-23 15:39:42]  retry 0; HTTP Error 404: NOT FOUND 
> Traceback (most recent call last): 
>   File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main 
>     "__main__", fname, loader, pkg_name) 
>   File "/usr/lib/python2.7/runpy.py", line 72, in _run_code 
>     exec code in run_globals 
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 1614, in <module>
>     main(args)
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 1515, in main
>     patchbot = Patchbot(options)
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 437, in __init__
>     self.reload_config()
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 717, in reload_config
>     self.config["trusted_authors"] = self.default_trusted_authors()
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 587, in default_trusted_authors
>     trusted = list(self.load_json_from_server("trusted", retry=10))
>   File "/home/sagemath/.local/lib/python2.7/site-packages/sage_patchbot/patchbot.py", line 562, in load_json_from_server
>     full_str = urlopen(ad, timeout=10).read().decode('utf8') 
>   File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen 
>     return opener.open(url, data, timeout) 
>   File "/usr/lib/python2.7/urllib2.py", line 435, in open 
>     response = meth(req, response) 
>   File "/usr/lib/python2.7/urllib2.py", line 548, in http_response 
>     'http', request, response, code, msg, hdrs) 
>   File "/usr/lib/python2.7/urllib2.py", line 473, in error 
>     return self._call_chain(*args) 
>   File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain 
>     result = func(*args) 
>   File "/usr/lib/python2.7/urllib2.py", line 556, in http_error_default 
>     raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) 
> urllib2.HTTPError: HTTP Error 404: NOT FOUND 
>
> Ciao, 
> Thierry 
>
>
>
>
> On Sat, Nov 18, 2017 at 08:46:07PM +0100, Vincent Delecroix wrote: 
> > On 16/11/2017 11:32, Erik Bray wrote: 
> > >On Wed, Nov 15, 2017 at 10:00 AM, David Loeffler
> > ><[email protected]> wrote:
> > >>I'd like to request opinions on whether we should get rid of the "Trusted
> > >>Authors" check in the Sage patchbot.
> > >>
> > >>At present, the patchbot won't test a ticket unless all of the names in the
> > >>Trac "Authors" field have had at least one ticket previously merged.
> > >>Presumably the intention of this is to prevent people uploading git branches
> > >>with malicious code that will hijack the patchbot servers. But the "Authors"
> > >>field is a free text field; there's nothing to stop anybody with a trac
> > >>account uploading a git branch with author set to "William Stein", or
> > >>"Mickey Mouse" for that matter. So this feature provides zero actual
> > >>security against attacks, and only serves to make life more difficult for
> > >>legitimate users -- and, worse still, it specifically targets new
> > >>contributors who we want at all costs to encourage.
> > >>
> > >>So I would advocate getting rid of the "Trust" feature -- or at least
> > >>adjusting it so it runs the ticket if any of the authors are trusted (rather
> > >>than all of them). What do others here think of this idea?
> > >>
> > >>(I spotted this while reviewing ticket 19169, where the authors are a group
> > >>of first-time Sage contributors from Sage Days 69 in 2015. The ticket has
> > >>been languishing in needs-review purgatory for most of the intervening 2
> > >>years, and the fact that it didn't have a green light from the patchbot
> > >>probably contributed to that.)
> > >
> > >+1 please consider opening an issue at https://github.com/sagemath/sage-patchbot
> >
> > Indeed.
> >
> > >I believe it's already possible to configure a patchbot to allow
> > >"untrusted" authors, but it's not the default.  You're right that the
> > >"feature" makes no sense.
> >
> > Not exactly. You can have a custom "white list".
> >
> > >The only way to run a patchbot anything remotely "securely" is to be
> > >running it on an isolated VM.  A lot of the other defaults for the
> > >patchbot (such as not testing package updates) are similarly false
> > >security, as we discussed here a few days ago.
> >
> > The real problem is that the patchbot would have to find the tarball! We do
> > not have a canonical place for them.
>

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.
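
An added example, not code from sage-patchbot or from anyone in this thread: one way a client can handle the 404 shown in the log above, which the old client retried ten times before crashing. It stops retrying on a definitive 4xx answer, falls back to the last list it fetched, and otherwise trusts nobody; the function names, the `fetch` callable and the 30-second wait are assumptions.

```python
import io
import json
import urllib.error

def load_trusted_authors(fetch, cache=None, retries=10, wait=lambda seconds: None):
    """Return (authors, source, attempts); source is 'server', 'cache' or 'none'.

    fetch is a hypothetical callable returning the JSON text of the list;
    cache is the last list fetched successfully, if any.
    """
    attempts = 0
    while attempts < retries:
        attempts += 1
        try:
            return frozenset(json.loads(fetch())), "server", attempts
        except urllib.error.HTTPError as err:
            # A 4xx other than 408/429 is a definitive answer (here: the
            # endpoint was removed), so further retries cannot succeed.
            if 400 <= err.code < 500 and err.code not in (408, 429):
                break
        except (OSError, ValueError):
            pass  # network failure or malformed JSON: transient, retry
        if attempts < retries:
            wait(30)
    if cache is not None:
        return frozenset(cache), "cache", attempts
    return frozenset(), "none", attempts  # fail closed: nobody is trusted

def may_test(ticket_authors, trusted):
    """The policy quoted in the thread: every listed author must be trusted."""
    return bool(ticket_authors) and set(ticket_authors) <= trusted

def gone():
    """Constructed stand-in for the server answer in the log above."""
    raise urllib.error.HTTPError("http://patchbot.invalid/trusted", 404,
                                 "NOT FOUND", {}, io.BytesIO())

def flaky(failures, body):
    """Constructed fetcher: fails `failures` times, then returns body."""
    state = {"left": failures}
    def fetch():
        if state["left"] > 0:
            state["left"] -= 1
            raise urllib.error.URLError("connection reset")
        return body
    return fetch
```

With no cached list the result is an empty set, so `may_test` refuses every ticket and the client keeps running.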