| 1 |
On 09/19/2015 05:16 PM, Daniel Campbell wrote: |
| 2 |
> |
| 3 |
> We'd just need a developer who's experienced in maintaining and |
| 4 |
> setting them up. |
| 5 |
> |
| 6 |
|
| 7 |
Has anyone ever set up Gitlab or Gerrit, managed by a package manager, |
| 8 |
in a way that a small bug won't grant anonymous write access to every |
| 9 |
single repository? |
| 10 |
|
| 11 |
Web projects tend to assume that they're the only application/user on |
| 12 |
the server. And as far as security is concerned, that the server is in a |
| 13 |
locked closet with no internet connection. Most of them crash when you |
| 14 |
try to fix those assumptions. |
| 15 |
|
| 16 |
Github fails the second criterion[1], but it's not pointed directly at |
| 17 |
our repositories. A developer still has to review and push each commit, |
| 18 |
so the risk is mitigated. |
| 19 |
|
| 20 |
The infra team has high standards when it comes to this stuff, and to |
| 21 |
fix it would require more than just a weekend of experimentation. |
| 22 |
|
| 23 |
|
| 24 |
[1] http://homakov.blogspot.com/2012/03/how-to.html |
Archives