copr icon indicating copy to clipboard operation
copr copied to clipboard
verified publisher icon fedora-copr

Define which parts of Copr should be protected against AI bots and deploy

Open nikromen opened this issue 4 months ago • 10 comments

I’d like to open a discussion about which parts of Fedora Copr should be protected from AI bots. Currently, I think we should protect the entire user-related frontend (and dist-git), with some exceptions.

Protect proposal:

  • frontend
    • protect /
    • Exclude (no protection needed):
      • /api_3/
      • /backend/
      • login?
  • dist-git
    • protect /
    • exclude
      • /git
      • /repo

Open question:

  • Should the backend's browsing interface also be protected?
  • Is there any extra configuration you would like to see implemented? (e.g. more difficult algorithm for CHALLENGEs...)

Note: Anubis has sensible defaults, so it shouldn't do anything harmful even if deployed e.g. to someone who is trying to git clone from /git - but it may have false-positives and/or could slow down the traffic (which is something we want for bots, not for our tools).

Do this after https://github.com/fedora-copr/copr/issues/3866

nikromen avatar Sep 05 '25 15:09 nikromen