| 1 |
On Sat, 19 Sep 2015 20:12:06 -0400 |
| 2 |
Michael Orlitzky <mjo@g.o> wrote: |
| 3 |
|
| 4 |
> Has anyone ever set up Gitlab or Gerrit, managed by a package manager, |
| 5 |
> in a way that a small bug won't grant anonymous write access to every |
| 6 |
> single repository? |
| 7 |
> |
| 8 |
> Web projects tend to assume that they're the only application/user on |
| 9 |
> the server. And as far as security is concerned, that the server is |
| 10 |
> in a locked closet with no internet connection. Most of them crash |
| 11 |
> when you try to fix those assumptions. |
| 12 |
|
| 13 |
We use GitLab at work and I do like it but I don't know how it fares |
| 14 |
for much larger projects. I know less about Gerrit but it is used by |
| 15 |
high profile projects like CyanogenMod. We've also had it recommended |
| 16 |
numerous times in #gentoo-java by zxiiro, who works for the Linux |
| 17 |
Foundation and used to work for the Eclipse Foundation. I think it's |
| 18 |
worth a try but no, I'm not volunteering. ;) Having said that, it is |
| 19 |
written in Java and if we insist on installing these things through |
| 20 |
Portage (I suppose we should eat our own dog food) then I would be |
| 21 |
willing to make a push on getting it into the tree. It might be tricky |
| 22 |
though, not least because it uses the Buck build system, which I've |
| 23 |
never seen used anywhere else and isn't currently in the tree either. |
| 24 |
|
| 25 |
-- |
| 26 |
James Le Cuirot (chewi) |
| 27 |
Gentoo Linux Developer |
Archives