From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-bounces~public-inbox=simark.ca@sourceware.org>
Received: from simark.ca
	by simark.ca with LMTP
	id 8IPlHnApCWiwzAEAWB0awg
	(envelope-from <gdb-bounces~public-inbox=simark.ca@sourceware.org>)
	for <public-inbox@simark.ca>; Wed, 23 Apr 2025 13:54:56 -0400
Authentication-Results: simark.ca;
	dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=cZ6U4MO/;
	dkim-atps=neutral
Received: by simark.ca (Postfix, from userid 112)
	id 795D61E0C3; Wed, 23 Apr 2025 13:54:56 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on simark.ca
X-Spam-Level: 
X-Spam-Status: No, score=-5.4 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED autolearn=unavailable autolearn_force=no
	version=4.0.1
Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256)
	(No client certificate requested)
	by simark.ca (Postfix) with ESMTPS id 01F6E1E05C
	for <public-inbox@simark.ca>; Wed, 23 Apr 2025 13:54:56 -0400 (EDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 962103858D26
	for <public-inbox@simark.ca>; Wed, 23 Apr 2025 17:54:55 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 962103858D26
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1745430895;
	bh=Cq4gwznv3GflQExa44KO/pwqgqHQTnZgtJ0r3J/entc=;
	h=Date:To:Cc:Subject:References:In-Reply-To:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From:Reply-To:From;
	b=cZ6U4MO/OltKHILU1Anl1ouU17S37kaAphnnFgiotFJjudBHKu4ZfDEPzvrAsiIF6
	 aCNqBLhw9bK2DCZ7dn5+ycBQYDgt2hZekCf/PMKbkVJ5fVJEJ7XfXFgpUBc55EXBrB
	 MRkLL+JA6XJfwwl9M0BNXTyBgoiPEYrOvpl7sVFk=
Received: from elastic.org (elastic.org [96.126.110.187])
 by sourceware.org (Postfix) with ESMTPS id 51A033858D26;
 Wed, 23 Apr 2025 17:49:25 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 51A033858D26
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 51A033858D26
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1745430566; cv=none;
 b=muI0PG+oMQrCGHuF845Qevbfynk0FFOOqgES6y1ovYnnvbZNJzjEDPMsFpoQpGhs7CLVASxOGYwPTKstEBYKs7eGB6aPDLcoFT6EKShBDxxNxElKknVQkNb+WQWikJhsBSgNObJ3vOoZ5icjQtQ+ABIqg5Z0XbQmcnUY3X8CVr0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1745430566; c=relaxed/simple;
 bh=1tgk4/p3xRBJ0zesR+bG85pqqfdO2bqxc8XiiTaAdkU=;
 h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version;
 b=Q/5H9YRiWKJ18M9vUeyVwCAXkrw2sqWf8hAOS+wzAJJtiwkJwsa7WX26qUUaIpBOwSQ8QdGI+y931omgz3pgf4CJAEbFzHkfLjmQfrpSFb5wtUayEjb/4u/vB9q1xDwqkvStXKpmYc7AOVibb8tTvgDEBAptuhXcvwHK4hGzup0=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 51A033858D26
Received: from vpn-home.elastic.org ([10.0.0.2] helo=elastic.org)
 by elastic.org with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
 (Exim 4.98.2) (envelope-from <fche@elastic.org>)
 id 1u7eDs-00000006t0F-0n3e; Wed, 23 Apr 2025 17:49:24 +0000
Received: from fche by elastic.org with local (Exim 4.98.2)
 (envelope-from <fche@elastic.org>) id 1u7eDr-00000000Ebc-3yGr;
 Wed, 23 Apr 2025 13:49:23 -0400
Date: Wed, 23 Apr 2025 13:49:23 -0400
To: Overseers mailing list <overseers@sourceware.org>
Cc: Mark Wielaard <mark@klomp.org>,
 Christophe Lyon <christophe.lyon@linaro.org>,
 binutils@sourceware.org, elfutils-devel@sourceware.org,
 gcc@gcc.gnu.org, gdb@sourceware.org, libc-alpha@sourceware.org,
 libabigail@sourceware.org, newlib@sourceware.org
Subject: Re: scraperbot protection - Patchwork and Bunsen behind Anubis
Message-ID: <aAkoI9v_N5tgjED7@elastic.org>
References: <20250421155940.GE2323@gnu.wildebeest.org>
 <CAPS5khZh78WSrjokQe1o9C8M8qDFiYbxUur8yxnGnBAPTHHCzg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPS5khZh78WSrjokQe1o9C8M8qDFiYbxUur8yxnGnBAPTHHCzg@mail.gmail.com>
X-BeenThere: gdb@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gdb mailing list <gdb.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb>,
 <mailto:gdb-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb>,
 <mailto:gdb-request@sourceware.org?subject=subscribe>
From: "Frank Ch. Eigler via Gdb" <gdb@sourceware.org>
Reply-To: "Frank Ch. Eigler" <fche@elastic.org>
Errors-To: gdb-bounces~public-inbox=simark.ca@sourceware.org
Sender: "Gdb" <gdb-bounces~public-inbox=simark.ca@sourceware.org>

Hi -

> We were wondering if it would be possible / suitable to have https
> requests served by one container,
> and ssh ones by another? Maybe that's already the case though...

SSH stuff is already (un)contained.

> [...]
> so maybe it would help if we switched to ssh access for our CI user
> when cloning GCC / binuitls / etc sources?

What you'd need is a ssh identity with logon access for the bots.
That's not something we normally do (sourceware accounts are personal
and usually have read-write access to -some- git repos.)  But we could
support read-only ssh accounts for bots.  (read-only for safety, i.e.,
not member of any particular git unix-group/project.)

- FChE