GitLab rate limiting deployed
Today, we have deployed a mechanism to fight the flood of attacks against our GitLab server. It currently consists of a simple check for cookies and JavaScript in your web browser, but could be expanded to cover more complex checks.

For now, if you see a "429 Rate Limited" error page, don't worry, it's normal: as long as your browser supports JavaScript and cookies, the page should reload within five seconds and let you go ahead.

You will see the page when opening the page for the first time in a new browser, which includes a fresh Tor Browser session, a "Private Window", or a disposable browser profile.

If you operate a bot or script that scrapes GitLab, you might hit the rate limiter as well. We've added exemptions for servers managed by TPA and certain user agents, so we currently assume this will have minimal impact on our community.

If this still creates problems for you, feel free to file a new issue with TPA at:

https://gitlab.torproject.org/tpo/tpa/team/-/issues/new

If you cannot reach GitLab, you can contact us in `#tor-admin` on `irc.oftc.net` or `#tor-admin:matrix.org` or through email at torproject-admin@torproject.org.

You can read more about this decision in ADR-108:

https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0108-gitlab-cookie...

Note that this only affects the gitlab.torproject.org site, not GitLab pages, the container registry or other GitLab components for now. But similar mechanisms might have to be implemented on those other services as well if abuse spreads over.

Thanks and have a nice day,

a.

-- 
Antoine Beaupré
torproject.org system administration