[Jenkins-infra] Revisiting access control for anonymized "census data"

R. Tyler Croy tyler at monkeypox.org
Tue Jun 7 15:58:22 UTC 2016

For a long-long time "census data", anonymized usage collection information,
was shared under jenkins-ci.org/census to those who asked. The path, /census/
was guarded by a simple HTTP Basic Auth prompt and a user/password combination
that was so readily shared that you can find it in the mailing list archives.

In the process of revamping this stats collection and delivery infrastructure,
we have migrated to census.jenkins.io and I have the following ticket assigned
to me: <https://issues.jenkins-ci.org/browse/INFRA-682>

    "Write down process to request & grant access to census.jenkins.io"

In thinking about this ticket, and discussing a bit more with abayer, I'm not
convinced that "census access control" makes sense anymore. If memory serves,
the reason we originally put a gate in front was because we were not confident
in the anonymization of our data. This was ages ago, and I'm fairly confident
/now/ in it :)

The other concern behind access control was preventing bandwidth abuses, by
clients downloading massive datasets over and over again. I'm not convinced
this is an issue anymore with our current infrastructure and as we have shown
with archives.jenkins-ci.org, we're more than capable of throttling download


 * License the dataset under the Open Database License 1.0
 * Remove access controls to census data (but introduce some throttling to
   prevent abuses)

That's kind of it :)

- R. Tyler Croy

     Code: <https://github.com/rtyler>
  Chatter: <https://twitter.com/agentdero>

  % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20160607/421f2150/attachment.asc>

More information about the Jenkins-infra mailing list