[Bug 1962449] [NEW] [SRU to impish] Mitigate KNS load on KDE servers

Rik Mills 1962449 at bugs.launchpad.net
Mon Feb 28 08:04:46 UTC 2022 

Public bug reported:

See:
https://mail.kde.org/pipermail/distributions/2022-February/001140.html

Dear distributors,
In the last few days, we have been looking into mitigating the impact
of Discover against certain KDE web services.

Some of the problems can be addressed in the service itself but not
them entirely, so it would be useful if the following changes were
backported into your own packaging. We have already included it in our
stable branches but on the distributions that ship unsupported
versions of our software it would be useful you can apply these
patches.

https://invent.kde.org/frameworks/knewstuff/-/commit/c8165b7a0d622e318b3353ccf257a8f229dd12c9
https://invent.kde.org/frameworks/knewstuff/-/commit/e1c6f2bf383876a31cd3e3f9e6edcaa19dc0a7dd

https://invent.kde.org/plasma/plasma-desktop/-/commit/b85cf34298c274b5f16cb6c2aead7b87f0dabbb8
https://invent.kde.org/plasma/discover/-/commit/6257e21c313e21afd80d101d24c78d66621236b1

If you feel unsure about the patch on a specific branch, feel free to
contact me here or in private and I will backport it if necessary.

Impact]

 * Effectively a DDOS on some KDE servers that were not intended to take
this traffic

[Test Plan]

 * Test that Discover functions normally with the changes. e.g. KNS,
packagekit, snap backends work as intended.

[Where problems could occur]

 * Could fail to fetch resources, crash etc. It will need to be tested
with a reasonable sample of these that this does not happen.

** Affects: plasma-discover (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: plasma-discover (Ubuntu Impish)
     Importance: Undecided
         Status: In Progress

** Also affects: plasma-discover (Ubuntu Impish)
   Importance: Undecided
       Status: New

** Changed in: plasma-discover (Ubuntu Impish)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to plasma-discover in Ubuntu.
Matching subscriptions: plasma-discover
https://bugs.launchpad.net/bugs/1962449

Title:
  [SRU to impish] Mitigate KNS load on KDE servers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/plasma-discover/+bug/1962449/+subscriptions

More information about the kubuntu-bugs mailing list