7 Oct 2019 23:56
Hi there,

I was recently trying to submit a package update to the internal SUSE:SLE-15-SP2:GA repo. Because the package had been deleted I was required to re-branch it, but in the process I forgot to use my internal alias (iosc), which meant that I accidentally updated to build.opensuse.org.

https://build.opensuse.org/projects/SUSE:SLE-15-SP2:GA/pulse

Now this caused me to have a bit of an anxious moment - had I just leaked all of SUSE's internal SLE-15-SP2 into the public internet?

I'd like to know if:

A) I have just massively leaked content
B) This mirror is an intentional part of the build.opensuse.org system

Following on from that, it leads me to an observation, which is that osc is really hard to get right from a psychology perspective. It's *easy* to make mistakes or accidentally leak content like this. In this case, because I already had a branch from internal osc, when I re-checked it out the change in behaviour (a lack of consistency in design terms) caused me to believe I was still working internally when I was not.

A simple suggestion is that with osc, if you have *multiple* connections in .config/osc/oscrc, and the current action doesn't "know" which to use, instead of assuming the default, prompt the user to provide the connection details or select which one. IE:

    # osc branch thing otherthingy
    > Which instance would you like to do this in?
    1) https://build.opensuse.org
    2) https://internal.obs.instance
    [default: 1] #

Second, the presence of the SUSE:SLE-15-SP2:GA, if intentional, is also surprising behaviour - because it meant that a command on the internal instance also works on the external instance - there is no feedback or constraint that could stop this. This poses a risk because without the osc switching as listed above, it could be very easy for someone to have submitted an MR/SR that would leak vendor or private content to the public instance.
As a result, to prevent this, another suggestion is that if this *is* a public mirror of the content, then it should have a different name. This way it becomes impossible to accidentally submit the MR/SR to the public mirror because the project does not exist. (This is a constraint in design terms).

Thanks,

--
Sincerely,

William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
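The instance-selection behaviour suggested in the message, sketched as an added example (not osc's own code and not part of the original post): with more than one instance configured and none named explicitly, the action asks or fails instead of using the default. It assumes an oscrc with one section per API URL; the sample config, resolve_instance() and its explicit/ask parameters are hypothetical, and the hostnames are the ones from the message.

```python
import configparser

# Constructed sample oscrc; hostnames are the ones used in the message above.
SAMPLE_OSCRC = """\
[general]
apiurl = https://build.opensuse.org

[https://build.opensuse.org]
user = example

[https://internal.obs.instance]
user = example
aliases = internal
"""

class AmbiguousInstance(Exception):
    """Several instances are configured and none was chosen."""

def configured_instances(oscrc_text):
    """Return the API URLs that have their own section in an oscrc."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(oscrc_text)
    return [s for s in cp.sections() if s.startswith(("http://", "https://"))]

def resolve_instance(oscrc_text, explicit=None, ask=None):
    """Pick the instance for an action without silently using the default.

    explicit: URL named by the user for this action (hypothetical parameter).
    ask: callback that shows the choices and returns a 1-based index.
    """
    instances = configured_instances(oscrc_text)
    if not instances:
        raise ValueError("no instances configured")
    if explicit is not None:
        if explicit not in instances:
            raise ValueError(f"{explicit} is not configured")
        return explicit
    if len(instances) == 1:
        return instances[0]  # nothing to confuse, no prompt needed
    if ask is None:
        # Non-interactive run: refuse rather than guess the public default.
        raise AmbiguousInstance(", ".join(instances))
    choice = ask(instances)
    if not 1 <= choice <= len(instances):
        raise ValueError("selection out of range")
    return instances[choice - 1]
```
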