turnip

HTTP 503 when cloning Git repository

Bug #1975529 reported by Luís Infante da Câmara
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
turnip
Invalid
Undecided
Unassigned

Bug Description

In the last week, I tried to clone https://git.launchpad.net/ubuntu-cve-tracker over 20 times. Only 3-4 attempts succeeded, with the remaining attempts failing with the following error:

Cloning into 'ubuntu-cve-tracker'...
error: RPC failed; HTTP 503 curl 22 The requested URL returned error: 503
fatal: expected flush after ref listing

Revision history for this message
Colin Watson (cjwatson) wrote :

HTTPS clones of ubuntu-cve-tracker are deliberately throttled, because there are some vulnerability analysis tools that clone this large repository rather than using something more appropriate like OVAL exports, and before we started throttling it our service was being routinely killed (effectively DDoSed) by these.

Can you please explain your use case so that we can suggest an appropriate workaround?

affects: launchpad → turnip
Changed in turnip:
status: New → Incomplete
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

I clone the ubuntu-cve-tracker repository for the following:
* Scanning my Ubuntu systems for vulnerabilities. Ubuntu OVAL data does not suffice for this purpose, as it only covers CVEs addressed in USNs, and several important CVEs are not addressed in USNs.
* Comparing vulnerabilities. For this case, wget suffices.

Only one clone of the repository is needed.

Changed in turnip:
status: Incomplete → Invalid
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

This also happens when running git pull with this URL. A workaround is to use git+ssh://git.launchpad.net/ubuntu-cve-tracker instead.

Changed in turnip:
status: Invalid → New
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

Pulls are deliberately throttled as well: https://bugs.launchpad.net/ubuntu-cve-tracker/+bug/1943825

I will set the status of this bug to Invalid.

Changed in turnip:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.