On 03/19/2018 08:38 AM, Michal Novotny wrote: > Hello Dridi, > > On Mon, Mar 19, 2018 at 10:13 AM, Dridi Boukelmoune > <dridi@xxxxxxxxxxxxxxxxx> wrote: >> Hello list, >> >> Since I work on a project that uses the Coverity Scan free plan for >> open source software it came to my attention today that free scans >> were put on hold and resumed recently because people were abusing it >> for crypto mining. >> >> Since I couldn't find any discussion on this list around this topic I >> figured I could start one, if only to ask whether this is a >> possibility for Fedora. If I'm not mistaken you don't need much more >> than a FAS account to host COPR repositories and run builds. >> >> Could someone abuse the infra in such a way? > > Builds are being automatically terminated if not finished in 18 hours. > The virtual machines that builds run on are also not particularly strong > so if anyone tried to mine something by this method, he wouldn't > get particularly rich :). > > Also, we would probably find out because of long-running builds > are easy to discover thanks to the public build queue (it is also not > like we would be running 1000 builds at once, then it would be hard > to track). > > So I wouldn't be really worried about this. koji also has a timeout. To be completely clear here, crypto-mining is not a valid use of Fedora Project resources. Hopefully our community realizes and respects this. If it becomes a problem we would of course have to spend some time in detection and killing such processes, but I hope it doesn't come to that. kevin
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
