launchpad-dev team mailing list archive

[Robert Collins <robertc@xxxxxxxxxxxxxxxxx>]

On Wed, Oct 5, 2011 at 5:47 PM, Stuart Bishop
<stuart.bishop@xxxxxxxxxxxxx> wrote:
> On Wed, Oct 5, 2011 at 6:08 AM, Robert Collins
> <robertc@xxxxxxxxxxxxxxxxx> wrote:
>
>> I proposed that the librarian create the LFC and do a backend call
>> passing on the form variables from the browser to LP, which would
>> create the LFA and return the next_url which the librarian then passes
>> to the client.
>
> Just make sure the LFC.id and the sha1 so the client can't link to an
> arbitrary existing LFC. Or better yet, use the existing
> TemporaryBlobStorage and return the uuid. Does apport already have a
> way of uploading directly to TemporaryBlobStorage, or would this
> service be useful to apport too?

Right, the client would upload bytes, the librarian would choose
whether to make or reuse a specific LFC. apport would benefit from
this too (large apport bug reports with hundred MB cores run into
similar (if not the same) issue).

>> As a data gathering point perhaps, but HTTP is HTTP, we've no concrete
>> reason to think that this is apache specifically, especially as some
>> users with browsers don't encounter the problem.
>
> SSL could be involved here too.

Indeed.

-Rob