On 09/19/2015 05:16 PM, Daniel Campbell wrote:
>
> We'd just need a developer who's experienced in maintaining and
> setting them up.
>

Has anyone ever set up GitLab or Gerrit, managed by a package manager,
in a way that a small bug won't grant anonymous write access to every
single repository?

Web projects tend to assume that they're the only application/user on
the server. And as far as security is concerned, that the server is in a
locked closet with no internet connection. Most of them crash when you
try to fix those assumptions.

GitHub fails the second criterion[1], but it's not pointed directly at
our repositories. A developer still has to review and push each commit,
so the risk is mitigated.

The infra team has high standards when it comes to this stuff, and to
fix it would require more than just a weekend of experimentation.


[1] http://homakov.blogspot.com/2012/03/how-to.html