Bug#908678: security-tracker - Breaks salsa.d.o
On Thu, Sep 13, 2018 at 7:37 PM, Salvatore Bonaccorso wrote: > Do you have any hints at us on what we could look at to faciliate/help > more salsa maintainers? I think I read on IRC that the main thing is that the design of git is not optimised for having large and growing files that change on every commit. So splitting them up into to one file per CVE/DSA/DLA/etc might help? Or switching from git to a database or something like restic or borg. -- bye, pabs https://wiki.debian.org/PaulWise
Bug#908678: security-tracker - Breaks salsa.d.o
Hi Bastian, On Wed, Sep 12, 2018 at 03:10:56PM +0200, Bastian Blank wrote: > Package: security-tracker > Severity: critical > > The security tracker git repository is in a state which git does not > really like. git clone takes ages, fsck takes ages, repack is reported > to be impossible. > > The GitLab on salsa.d.o also chokes on it some times during git > operations. Some may be attributed to the old diff formatter problem, > which I hope gets fixed soon. But lately it even caused stalls on git > operation. > > As the problems caused by the state of this repo now causes user visible > outages, this needs to be fixed. Do you have any hints at us on what we could look at to faciliate/help more salsa maintainers? What is actually this old diff formater problem you mentioned which going to be solved? Would it in the meantime help to make the access only for logged in users/restricted? Regards, Salvatore
Processed: tagging 908678
Processing commands for cont...@bugs.debian.org: > tags 908678 + confirmed Bug #908678 [security-tracker] security-tracker - Breaks salsa.d.o Added tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 908678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
External check
CVE-2018-14620: TODO: check CVE-2018-14636: TODO: check, needs to be understood if this is in src:nova or src:neutron, see Red Hat Bugzilla comments -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.
Missing bug references for embedded-code-copies data
https://bugs.debian.org/836577 https://bugs.debian.org/838730 https://bugs.debian.org/906039 https://bugs.debian.org/908548 -- The output might be a bit terse, but the above bugs are known to be missing from the embedded-code-copies data.
