Mailinglist Archive: opensuse-buildservice (87 mails)

< Previous Next >
[opensuse-buildservice] Possible mistake with OSC
Hi there,

I was recently trying to submit a package update to the internal
SUSE:SLE-15-SP2:GA repo. Because the package had been deleted I was required to
re-branch it, but in the process I forgot to use my internal alias (iosc) which
meant that I accidentally updated to build.opensuse.org.

https://build.opensuse.org/projects/SUSE:SLE-15-SP2:GA/pulse

Now this caused me to have a bit of an anxious moment - had I just leaked all
of SUSE's internal SLE-15-SP2 into the public internet? I'd like to know if:

A) I have just massively leaked content
B) This mirror is an intentional part of the build.opensuse.org system

Following on from that, it leads me to an observation, which is that osc is
really hard to get right from a psychology perspective. It's *easy* to make
mistakes or accidentally leak content like this. In this case because I already
had a branch from internal osc, when I re-checked it out the change in
behaviour (a lack of consistency in design terms) caused me to believe I was
still working internally when I was not.

A simple suggestion is that with osc, if you have *multiple* connections in
.config/osc/oscrc, and the current action doesn't "know" which to use, instead
of assuming the default, prompt the user to provide the connection
details or select which one. IE:

# osc branch thing otherthingy
Which instance would you like to do this in?
1) https://build.opensuse.org
2) https://internal.obs.instance
[default: 1] #


Second, the presence of the SUSE:SLE-15-SP2:GA if intentional, is also
surprising behaviour - because it meant that a command on the internal instance
also works on the external instance - there is no feedback or constraint that
could stop this. This poses a risk because without the osc switching as listed
above, it could be very easy for someone to have submitted an MR/SR that would
leak vendor or private content to the public instance.

As a result to prevent this another suggestion is that if this *is* a public
mirror of the content, then it should have a different name. This way it
becomes impossible to accidentally submit the MR/SR to the public mirror
because the project does not exist. (This is a constraint in design terms).

Thanks,

--
Sincerely,

William




Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs

--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups