On Wednesday 18 June 2008 16:24:35 Michal Marek wrote: ..
Problem #2 (practical): To implement good heuristics, the wizard at least needs to look into the source tarball (if not run some commands...). Here comes the problem: 'tar tf foo-1.1.tar.bz2' can take a *lot* of cpu time, so where to perform such expensive actions? a) on the frontend - can be abused for DoS easily b) let the client send the filelist along with the tarball - makes the client implementation too complicated, plus moves the DoS problem from the frontend to the webclient c) on the backend, dispatching the jobs to workers - would also allow for more dangerous analysis of the package, but would impose additional delays d) create a separate wizard service and do all the job there - would also solve problem #1, but would make the client implementation a bit more difficult (need to talk to two different servers) e) [insert great idea here]?
What is with having an own service for this but handle it via the API ? We could run this service inside of a chroot or maybe even on a remote system, but not necessary on the backend server. This service would work on the scanning jobs sequential to avoid the DoS. You would need to implement some kind of waiting procedure in the frontend for this to give the user feedback ... bye adrian -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org