Follow-up Comment #4, sr #111407 (group administration): This is somewhat of an XY problem. The Y part of the problem is that we are being hammered into oblivion by scraper bots that are successfully hiding behind "human shields" as it were. We have a choice of either being offline by being DDOS'd offline or blocking the abusive bad actors that are doing it. Given those two things we choose to remain online as much as we possibly can for the community of users.
Now let's talk about the X part of the problem. You are running Yocto's bitbake in an automated build. That you are blocked says you are hitting the primary system. The primary systems primary function is to provide member commit access. If we can't provide commit access then that's bad. But an automated build won't be using ssh:// protocol to push commits. So let's backup a little bit. We have recently built out a mirror system for the git repositories. These mirrors are on donated systems and operated by volunteers. They are geographically spread out in datacenters all over the planet. They are all capable of operating independently for robustness for when our primary data center is DDOS'd offline by the horde of bad actor bots. The mirrors for cgit and gitweb have been operating for a year now. I wanted to let them blaze the trail on the mirror pool. But now I am pushing people off of the primary systems for git clones and git pulls and asking people to use the git mirrors for those actions. Please switch to using the mirror pool. The most efficient transport protocol on the hosting side is the git:// protocol. That's the easiest on the servers. Though I know there will be people raising their fists in the air and yelling that the native git protocol is not encrypted. True. But if just doing a build check then it is fine. If you require encryption then https:// is available. It is a resource heavy protocol. It's a problem. We are trying our best to scale out to enough servers to have it survive. This might solve the X part of this XY problem combination. It keeps the proxied scrapers off the primary. That includes www.gnu.org and the others too! It's not just git. Everything is getting hammered into oblivion. Being geographically distributed with redundant mirrors in a Round-Robin DNS pool of servers should be more reliable. git clone --depth=1 git://git.git.savannah.gnu.org/git2cl.git git clone --depth=1 https://https.git.savannah.gnu.org/git/git2cl.git The protocol is embedded in the name of the pool and the pools are not unified for each DNS name. Because small servers can host git:// but https:// requires bigger servers. Try one of those. Please report back and say how things work for you. We appreciate positive reports the same as negative reports. _______________________________________________________ Reply to this item at: <https://savannah.nongnu.org/support/?111407> _______________________________________________ Message sent via Savannah https://savannah.nongnu.org/
signature.asc
Description: PGP signature
