We just had an interesting discussion in our team and we'd love to ask
you, copr devs, about your opinion.
Would that be a big of a deal if packit-service sent thousands of
build requests within a short period of time?
Context: right now in our packit github app we only allow builds being
triggered by "trusted" contributors. So if a person opens a PR on a
project and is not a contributor, that request is not being built -
the project maintainer needs to trigger the build manually. We
received suggestions to drop this and build all PRs no matter who
contributed them.
Our main concern is that someone could create a malicious contribution
which would get into copr or some bot would open thousands of useless
PRs, thus DoSing CI systems.
Did you already have problems with this? Would this be a concern?
[using user-cont-team@ ML since that's our only public list]