From branko at majic.rs  Mon Jul 21 17:32:11 2025
From: branko at majic.rs (Branko Majic)
Date: Mon, 21 Jul 2025 19:32:11 +0200
Subject: Authentication required to access Kallithea repository
Message-ID: <20250721193211.65b11f86@majic.rs>

Hello folks,

Since July 1st (from what I can tell) it seems that accessing the
Kallithea repository at https://kallithea-scm.org/repos/kallithea
requires authentication.

When hitting the https://kallithea-scm.org/repos/ URL, the list of
repositories is empty.

Based on the cronjob reports I get, on June 30th there was also an
internal (500) error being reported, not sure if it might be related in
some shape or form to the authentication requirement.

Is this a known issue at this point or...?

Best regards,
Branko

-- 
Branko Majic
XMPP: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
XMPP: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20250721/f9cb71ff/attachment.sig>

From mads at kiilerich.com  Mon Jul 21 18:05:55 2025
From: mads at kiilerich.com (Mads Kiilerich)
Date: Mon, 21 Jul 2025 20:05:55 +0200
Subject: Authentication required to access Kallithea repository
In-Reply-To: <20250721193211.65b11f86@majic.rs>
References: <20250721193211.65b11f86@majic.rs>
Message-ID: <4ae455a8-77e9-4917-a241-d7f525f9c695@kiilerich.com>

Hi

Sorry about that. So many bots were hitting so many dead repos on the 
server, and I was cleaning up some access. But I didn't notice I had 
made a mistake and the main repository had been made private too. That 
has been fixed now.

I hope your cron jobs don't contribute to the server load ;-)

/Mads


On 21/07/2025 19:32, Branko Majic wrote:
> Hello folks,
>
> Since July 1st (from what I can tell) it seems that accessing the
> Kallithea repository at https://kallithea-scm.org/repos/kallithea
> requires authentication.
>
> When hitting the https://kallithea-scm.org/repos/ URL, the list of
> repositories is empty.
>
> Based on the cronjob reports I get, on June 30th there was also an
> internal (500) error being reported, not sure if it might be related in
> some shape or form to the authentication requirement.
>
> Is this a known issue at this point or...?
>
> Best regards,
> Branko
>
>
> _______________________________________________
> kallithea-general mailing list
> kallithea-general at sfconservancy.org
> https://lists.sfconservancy.org/mailman/listinfo/kallithea-general



From branko at majic.rs  Mon Jul 21 20:26:50 2025
From: branko at majic.rs (Branko Majic)
Date: Mon, 21 Jul 2025 22:26:50 +0200
Subject: Authentication required to access Kallithea repository
In-Reply-To: <4ae455a8-77e9-4917-a241-d7f525f9c695@kiilerich.com>
References: <20250721193211.65b11f86@majic.rs>
 <4ae455a8-77e9-4917-a241-d7f525f9c695@kiilerich.com>
Message-ID: <20250721222650.2e16d55b@majic.rs>

On Mon, 21 Jul 2025 20:05:55 +0200
Mads Kiilerich <mads at kiilerich.com> wrote:

> Hi
> 
> Sorry about that. So many bots were hitting so many dead repos on the 
> server, and I was cleaning up some access. But I didn't notice I had 
> made a mistake and the main repository had been made private too.
> That has been fixed now.

No worries, kinda aware of the plague that is hitting everything it can
nowadays - and thanks for responding so quickly about it. :)
 
> I hope your cron jobs don't contribute to the server load ;-)

Well, they certainly do create _some_ load, but I really hope it is not
making too much of an impact. I have two servers that hit the
repository once per day to check for possible updates, and a third
(test env) that does it every now and then when I bring it up for
infra "development".

Now... If an up-to-date version of Kallithea were available on PyPI, I
could probably drop all of that. So maybe as a follow-up - would it be
possible to restart releasing official Kallithea packages? What pieces
might be missing for this?

Otherwise... There are probably some ways I could go around
implementing these checks if the load is a problem - last time I  tried
I did have some issues around how pip and pip-tools (pip-compile in
particular) behaved with a couple of alternate approaches I tried, and
ended up falling back to pulling directly from the repo.

Best regards,
Branko

-- 
Branko Majic
XMPP: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
XMPP: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20250721/d3db0e88/attachment.sig>

From mads at kiilerich.com  Mon Jul 21 20:53:39 2025
From: mads at kiilerich.com (Mads Kiilerich)
Date: Mon, 21 Jul 2025 22:53:39 +0200
Subject: Authentication required to access Kallithea repository
In-Reply-To: <20250721222650.2e16d55b@majic.rs>
References: <20250721193211.65b11f86@majic.rs>
 <4ae455a8-77e9-4917-a241-d7f525f9c695@kiilerich.com>
 <20250721222650.2e16d55b@majic.rs>
Message-ID: <70af10ba-57a6-4c0c-b52b-adf48bb75eda@kiilerich.com>

On 21/07/2025 22:26, Branko Majic wrote:
>   
>> I hope your cron jobs don't contribute to the server load ;-)
> Well, they certainly do create _some_ load, but I really hope it is not
> making too much of an impact. I have two servers that hit the
> repository once per day to check for possible updates, and a third
> (test env) that does it every now and then when I bring it up for
> infra "development".


That seems fair and not a problem. Incognito crawlers that seem to 
ignore robots.txt are more annoying...


> Now... If an up-to-date version of Kallithea were available on PyPI, I
> could probably drop all of that. So maybe as a follow-up - would it be
> possible to restart releasing official Kallithea packages? What pieces
> might be missing for this?
>
> Otherwise... There are probably some ways I could go around
> implementing these checks if the load is a problem - last time I  tried
> I did have some issues around how pip and pip-tools (pip-compile in
> particular) behaved with a couple of alternate approaches I tried, and
> ended up falling back to pulling directly from the repo.


I could imagine that uploads to pypi only would solve your use case if 
we promised to publish the dev branch to pypi nightly. That doesn't seem 
like a good solution.

It could indeed be somewhat nice to have a less outdated latest release. 
But it would be a non-zero amount of work with very little benefit and 
thus little motivation. And I would have to ask Thomas - his knowledge 
of the "usual" release process is less outdated than mine. But I think 
it works ok to just recommend installing from the head of the repo.

The problem with pip is probably that we can't use latest pip versions 
because packaging bugs in our dependencies.

/Mads
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20250721/9eaed771/attachment.html>