[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Get a running instance of the doc for a PR.

On 11/4/18 5:38 PM, Steven D'Aprano wrote:
> On Sun, Nov 04, 2018 at 12:16:14PM -0500, Ned Deily wrote:
>> On Nov 4, 2018, at 12:04, Paul Ganssle <paul at ganssle.io> wrote:
>>> Some of the concerns about increasing the surface area I think are a 
>>> bit overblown. I haven't seen any problems yet in the projects that 
>>> do this,
> You may or may not be right, but have you looked for problems or just 
> assumed that because nobody has brought any to your attention, they 
> don't exist?
> "I have seen nothing" != "there is nothing to see".
I can only speak from my experience with setuptools, but I do look at
every setuptools PR and I've never seen anything even close to this.
That said, I have also never seen anyone using my Travis or Appveyor
instances to mine cryptocurrency, but I've been told that that happens.

In any case, I think the standard should not be "this never happens"
(otherwise you also can't run CI), but that it happens rarely enough
that it's not a major problem and that you can deal with it when it does
come up. Frankly, I think the much more likely target for these sorts of
attacks is small, mostly abandoned projects with very few followers. If
you post a spam site on some ephemeral domain via the CPython CI, it's
likely that hundreds of people will notice it just because it's a very
active project. You will be banned from the project for life and
probably reported to github nearly instantly. Likely you have much more
value for your time if you target some 1-star repo that set this up 2
years ago and is maintained by someone who hasn't committed to github in
over a year.

That said, big projects like CPython are probably more likely to attract
the troll version of this, where the point isn't to get away with
hosting some content or using the CI, but to annoy and disrupt the
project itself by wasting our resources chasing down spam or whatever. I
think if that isn't already happening with comment floods on the issue
tracker, GH threads and mailing lists, it's not especially /more/ likely
to happen because people can spin up a website with a PR.

>>> and I don't think it lends itself to abuse particularly 
>>> well. Considering that the rest of the CI suite lets you run 
>>> arbitrary code on many platforms, I don't think it's particularly 
>>> more dangerous to allow people to generate ephemeral static hosted 
>>> web sites as well.
>> The rest of the CI suite does not let you publish things on the 
>> python.org domain, unless I'm forgetting something; they're clearly 
>> under a CI environment like Travis or AppVeyor or Azure.  That's 
>> really my main concern.
> Sorry Ned, I don't follow you here. It sounds like you're saying that 
> you're fine with spam or abusive content being hosted in our name, so 
> long as its hosted by somebody else, rather than by us (python.org) 
> ourselves.
> I trust I'm missing something, but I don't know what it is.

I think there are two concerns - one is that the python.org domain is
generally (currently) used for official content. If people can put
arbitrary websites on there, presumably they can exploit whatever trust
people have put into this fact.

Another is that - and I am not a web expert here - I think that the
domain where content is hosted is used as a marker of trust between
different pages, and many applications will consider anything on
*.python.org to be first-party content from other *.python.org domains.?
I believe this is the reason why readthedocs moved all hosted
documentation from *.readthedocs.org to *.readthedocs.io. Similarly
user-submitted content on PyPI is usually hosted under the
pythonhosted.org domain, not pypi.org or pypi.python.org. You'll notice
that GH also hosts user content under a githubusercontent.org domain.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20181104/2db51fa2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20181104/2db51fa2/attachment.sig>