On Sat, 19 Sep 2015 20:12:06 -0400
Michael Orlitzky <mjo@g.o> wrote:

> Has anyone ever set up Gitlab or Gerrit, managed by a package manager,
> in a way that a small bug won't grant anonymous write access to every
> single repository?
>
> Web projects tend to assume that they're the only application/user on
> the server. And as far as security is concerned, that the server is
> in a locked closet with no internet connection. Most of them crash
> when you try to fix those assumptions.

We use GitLab at work and I do like it but I don't know how it fares
for much larger projects. I know less about Gerrit but it is used by
high profile projects like CyanogenMod. We've also had it recommended
numerous times in #gentoo-java by zxiiro, who works for the Linux
Foundation and used to work for the Eclipse Foundation. I think it's
worth a try but no, I'm not volunteering. ;) Having said that, it is
written in Java and if we insist on installing these things through
Portage (I suppose we should eat our own dog food) then I would be
willing to make a push on getting it into the tree. It might be tricky
though, not least because it uses the Buck build system, which I've
never seen used anywhere else and isn't currently in the tree either.

--
James Le Cuirot (chewi)
Gentoo Linux Developer