Re: Add-on package downloads: an update, root cause found


Adriani Botez
 

Dear NVDA comunity,

 

I think lots of us and also many institutions are donating to this project. Would it be not possible for NV Access to automatically backup addons packages and important files from time to time on a secured server so that the risk is better mitigated?

 

It is just an idea.

 

 

Best

Adriani

 

Von: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] Im Auftrag von Joseph Lee
Gesendet: Freitag, 11. August 2017 22:33
An: nvda@nvda.groups.io
Betreff: [nvda] Add-on package downloads: an update, root cause found

 

Dear NVDA community,

 

I’m speaking as the director of NVDA Community Add-ons Coordination and Support Center (https://github.com/nvdaaddons). I’d like to give you an update on add-on package download issue and steps taken to prevent a repeat of what happened yesterday:

 

Problem: Yesterday at around 1:38 PM Pacific time (20:38 UTC), a repository deletion event was recorded on a repository used to host add-on packages for download by the community. Upon further investigations and after emailing the person who did this, it was found that the individual responsible for it have accidentally deleted the official repo hosted at Bitbucket while trying to remove forks of the repo. As a result, the individual’s commit rights were withdrawn.

 

After this, I restored the official repository from an older backup copy I had, then committed a change requested by an add-on author, which led to the current Git conflict problem. As a result, when you try to download add-on packages, you’ll find yourself looking at error 500 page.

 

Thus, the following steps were taken:

 

  • GitHub backup copy created: a backup of the repository responsible for hosting add-on packages is now live with a restriction that only I and one or two add-ons community leaders allowed to commit changes, and no-one apart from the director (I) will be able to delete this repository from now on.
  • The Bitbucket copy is live with a change: only I will be able to commit changes to it, and new contributors will be admitted if and only if they agree to never delete this repository under any circumstances unless permission is obtained.
  • Additional backups under development: in addition to GitHub version, Derek Riemer (author of Crash Hero, contributor to DictationBridge and others) has volunteered to keep the Bitbucket and GitHub versions in sync.
  • Add-on update requests suspended: I have asked add-on authors and translators to suspend requests for add-on updates and new translations until further notice.

 

I will send an update once a progress is made. Thanks, and sorry for the inconvenience.

Cheers,

Joseph

Join nvda@nvda.groups.io to automatically receive all group messages.