From: Soft Works <softworkz-at-hotmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull requests
Date: Thu, 13 Feb 2025 12:07:51 +0000
Message-ID: <BN0P223MB03582A299D224CCE08DD81D7BAFF2@BN0P223MB0358.NAMP223.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <4a677b3f-1299-4d53-be5a-d65f00f44880@noa-archive.com>
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Tobias Rapp
> Sent: Donnerstag, 13. Februar 2025 12:05
> To: ffmpeg-devel@ffmpeg.org
> Subject: Re: [FFmpeg-devel] [RFC] Experiment: enable github pull requests
>
> On 13/02/2025 01:24, Romain Beauxis wrote:
>
> > Le mer. 12 févr. 2025 à 18:17, Soft Works
> > <softworkz-at-hotmail.com@ffmpeg.org> a écrit :
> >> Hm, please help me understand what kind of spam we're talking about
> here. I can't imagine somebody would take the effort for selling some pills to
> ffmpeg developers. When it's about advertising anything, that's not the kind
> of reach those people are typically looking for.
> >>
> >> Or is it about misusing repos for storage of illegal content? The largest file
> currently is just 953kB, so we could enforce a limit small enough to make it
> unattractive for this purpose (unlike GitHub with 100MB per file).
> >>
> >> We could also disallow repos with custom content (i.e. only forks of ffmpeg
> are allowed as repo content).
> >>
> >> Then I wonder, where would be the harm? Some thousand unused forks of
> ffmpeg shouldn't be a problem - but maybe I'm overseeing something?
> > There are all sorts of copyrightable material that can be embedded
> > into a git repo.
> >
> > Also payloads for malicious software.
> >
> > etc.
> >
> > Given that this all amounts to manpower from the operator, it's
> > totally understandable that they would like to be conservative about
> > opening it up.
Hi Tobias,
> I'd like to add that with CI enabled there is the possibility that users
> of the platform abuse it to get some processing resources for free
> (crypto mining). From what I remember this was an issue for the GitLab
> instance at FreeDesktop.org.
That's indeed a problem, also with GitHub actions for which reasons, CI builds on PRs are disabled by default (and enabling it is a very hidden option). It becomes risky because multiple factors come into play:
- The definitions for CI builds are part of the repo content, so it was easy to change that for doing something entirely different and submitting this as PR
- The build runners are aiming to give you full control and abilities to make them useful for all cases, so you have root access, passwordless sudo, full network access at high bandwidths (at least in case of GH Actions and Azure DevOps)
- The hosters cannot make any assumptions about your CI builds: how long it usually takes, which resources are required and whch kind of things you're executing, so the only thing they are doing is to isolate those VMs and let each job run on a fresh VM image.
- As a user of these services you actually don't need to care much about it, except for one thing: when you have any secrets in place that are needed to accessing other services or when the that the job uses for repo access has other permissions that could be used in some malicious way
In case of ffmpeg it's not that risky, because we know exactly what's needed and whatnot, so constraints can be applied to build machines like:
- limiting the maximum execution time
on a super-slow (free tier) Google cloud VM, ffmpeg build plus FATE takes about 20min, so it can be limited to 30min
- restricting network access
an ffmpeg build doesn't require network access to arbitrary destinations, so this can be locked down as well
With these two measures, the CI builds are pretty useless already for any malicious operations.
Oh, just while writing this reminded me that for the ffstaging (GitHub-sync-to-ML) setup I had applied and been granted 10 parallel build jobs without (monthly total) limit on Azure DevOps. Each job can run for 6h max, but you can start a new one then. This means 10 build machines can run in parallel 24/7 all time.
Since the application was "for building ffmpeg PRs" it would be perfectly fine to use this capacity for our CI builds.
That way, we also do not need to be that much concerned about potential abuse. 😉
sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2025-02-13 12:08 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-12 18:06 Michael Niedermayer
2025-02-12 18:49 ` Lynne
2025-02-12 18:53 ` Romain Beauxis
2025-02-12 19:23 ` Lynne
2025-02-12 21:22 ` Stephen Hutchinson
2025-02-12 21:32 ` Timo Rothenpieler
2025-02-12 21:37 ` Soft Works
2025-02-12 21:51 ` Timo Rothenpieler
2025-02-12 22:01 ` Soft Works
2025-02-12 22:05 ` Timo Rothenpieler
2025-02-12 22:16 ` Soft Works
2025-02-12 23:29 ` Timo Rothenpieler
2025-02-12 23:34 ` Kieran Kunhya via ffmpeg-devel
2025-02-13 0:27 ` Timo Rothenpieler
2025-02-13 12:07 ` Tomas Härdin
2025-02-13 4:05 ` martin schitter
2025-02-13 8:49 ` Leo Izen
2025-02-13 9:27 ` Tanay Manerikar
2025-02-13 12:40 ` Leo Izen
2025-02-13 9:49 ` Gyan Doshi
2025-02-13 10:30 ` Soft Works
2025-02-13 12:37 ` Leo Izen
2025-02-13 13:32 ` Timo Rothenpieler
2025-02-12 22:12 ` Romain Beauxis
2025-02-12 23:22 ` Soft Works
2025-02-12 23:07 ` Soft Works
2025-02-12 23:34 ` Timo Rothenpieler
2025-02-13 0:17 ` Soft Works
2025-02-13 0:24 ` Romain Beauxis
2025-02-13 0:40 ` Soft Works
2025-02-13 1:52 ` Timo Rothenpieler
2025-02-13 2:59 ` Soft Works
2025-02-13 6:14 ` Lynne
2025-02-13 6:50 ` martin schitter
2025-02-13 6:54 ` Soft Works
2025-02-13 7:24 ` Soft Works
2025-02-13 13:32 ` Timo Rothenpieler
2025-02-13 11:04 ` Tobias Rapp
2025-02-13 12:07 ` Soft Works [this message]
2025-02-13 12:27 ` Soft Works
2025-02-13 13:37 ` Timo Rothenpieler
2025-02-13 12:10 ` Tomas Härdin
2025-02-13 12:38 ` martin schitter
2025-02-12 20:38 ` Michael Niedermayer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BN0P223MB03582A299D224CCE08DD81D7BAFF2@BN0P223MB0358.NAMP223.PROD.OUTLOOK.COM \
--to=softworkz-at-hotmail.com@ffmpeg.org \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git