On 09/19/2015 05:12 PM, Michael Orlitzky wrote:
> On 09/19/2015 05:16 PM, Daniel Campbell wrote:
>>
>> We'd just need a developer who's experienced in maintaining and
>> setting them up.
>>
>
> Has anyone ever set up Gitlab or Gerrit, managed by a package
> manager, in a way that a small bug won't grant anonymous write
> access to every single repository?
>
> Web projects tend to assume that they're the only application/user
> on the server. And as far as security is concerned, that the server
> is in a locked closet with no internet connection. Most of them
> crash when you try to fix those assumptions.
>
> Github fails the second criterion[1], but it's not pointed directly
> at our repositories. A developer still has to review and push each
> commit, so the risk is mitigated.
>
> The infra team has high standards when it comes to this stuff, and
> to fix it would require more than just a weekend of
> experimentation.
>
>
> [1] http://homakov.blogspot.com/2012/03/how-to.html
>
That's completely reasonable. I'm not advocating for any specific
solution; infra knows the systems and it'd be up to them to choose a
good solution. This makes me wonder now though, if the reason we
settled on GitHub was because the others weren't good and/or secure
enough. Personally I'm fine with e-mails and cgit like we currently
have, but I assume the goal of GitHub was to encourage more community
involvement and make contributing easier. Still, were something to
happen to GitHub we'd lose that ability and go back to standard
overlays, e-mail, etc.

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6