Hello Dridi, On Mon, Mar 19, 2018 at 10:13 AM, Dridi Boukelmoune <dridi@xxxxxxxxxxxxxxxxx> wrote: > Hello list, > > Since I work on a project that uses the Coverity Scan free plan for > open source software it came to my attention today that free scans > were put on hold and resumed recently because people were abusing it > for crypto mining. > > Since I couldn't find any discussion on this list around this topic I > figured I could start one, if only to ask whether this is a > possibility for Fedora. If I'm not mistaken you don't need much more > than a FAS account to host COPR repositories and run builds. > > Could someone abuse the infra in such a way? Builds are being automatically terminated if not finished in 18 hours. The virtual machines that builds run on are also not particularly strong so if anyone tried to mine something by this method, he wouldn't get particularly rich :). Also, we would probably find out because of long-running builds are easy to discover thanks to the public build queue (it is also not like we would be running 1000 builds at once, then it would be hard to track). So I wouldn't be really worried about this. Best regards clime > > Cheers, > Dridi > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
