-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/23/2015 05:30 AM, Michael Orlitzky wrote:
> On 09/23/2015 04:40 AM, Todd Goodman wrote:
>>
>> We haven't had too many problems with it. Most of our problems
>> seem to be with people having issues with git itself (it was new
>> to almost everyone on the team) and not embracing a good workflow
>> with it (or trying to only use git via Eclipse.)
>>
>> We have 80 or so Android repos and a much smaller handful of
>> proprietary repos in use.
>>
>
> Sorry to harp on this, but does your single gerrit user have write
> access to all 80 of your repos? Yours is internal so the risk is
> limited, but naturally, if we set one up, it would have to be
> public.
>
> If there's a bug in the web UI somewhere and someone figures out
> how to make it run code, that would put all of our repos at risk.
> Even without being able to run code, a bug might allow privilege
> escalation: someone outside the e.g. portage project might figure
> out how to push to that repo because all of the logic is in Java
> and not the filesystem.
>
> The way we have it now, push access is granted through SSH and is
> therefore tied to your user. Implementing users/groups/permissions
> in code would really be a step backwards; this isn't a theoretical
> argument.
>
> These issues can totally be fixed -- I'm not saying they're endemic
> to web-based git hosting. But to move access control down to the
> filesystem deviates from how everyone else does things. So first
> you need to spend time getting familiar with the project, then you
> have to overhaul the way it works, and finally you have to get
> upstream to acknowledge that you aren't crazy and accept your
> docs/patches. That's a lot more work than just setting it up.
>
>
I hadn't thought about that angle. If our access backbone is via SSH
(and thus the filesystem/machine users) then I'm really not sure how
to implement a GitLab or Gerrit instance while hooking into the
filesystem. Allowing users to open accounts in order to post bugs, etc.
just isn't a great idea, imo, and duplicates the effort that already
exists in Bugzilla. Maybe it'd be smarter to find a way to `git-am`
patches from Bugzilla.

- --
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWA4IfAAoJEAEkDpRQOeFwyR0P/jc6oLr5CV7J+31B5wPm+W/n
KEDUVb+EMjyfgitAx1rcRxNxrQMlq9ZTGYdNeus8+OOnDg2z7WZuSlOsmIQPamiY
aqHu2LUhsix9xUjGu6nYJHWzvE96ISkbrUtBwVxE/I04Gcdpm4Xwx9VPCpRzrMA8
J8dj/QXu7pKZPEXv98pH0jHWHlDpKzT0jmEbgX/EOOImatJlkLNKuZ88vyalAoAQ
kCfN+8ThbvyhEqknmUA/p/yaGTDGw+f7cjO2utYfDsgo7ug9zD4JraaqoQl0XKSb
sH5aDJyE4Ra43o990Bvxx+pq7nTiFiAXZBLB+CVfMT+Qau8V+uatHFfuRufFftBW
2DOXiApJLODZjGwG/qUKdcXL/y4Y41lQcRlGUrLLUssiwn0WrpDBQVxQugUt5ZGD
GGQsC6fQkYBN7XnLL/jC6jzGTQEgDedba7NfL8EsvQK7eEN2EuGrfkzrc5onz0qr
wruWGhnolWbzkIWtJSY6OHzcv3SUXOlSjLdApXkl57zIAsbAWK1jBXvMyf4XBzss
x17T30gjSW98puWg3Gwd0VPBm43M+Dwc2WEncpDetbqewbs3uCmfdhT4FsX3b0p2
x8jygv7LPRNiXHbmUcEmbiMUXqK5//M052xpld993+onCmHZ+28LwVlXEkoWUS+G
B9EZD2RezYd2u1FeMCm0
=ybn4
-----END PGP SIGNATURE-----
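The "SSH and filesystem" model that the quoted message contrasts with application-level ACLs looks roughly like the following shell recipe. This is an added illustration, not part of the thread and not Gentoo's actual hosting setup: it creates a bare repository whose push rights are decided by Unix group membership on the repository directory (git's `--shared=group` plus a setgid directory), so that a bug in a web UI has no permission table to subvert; only a user whom SSH has already authenticated into the project group can write. It assumes a Linux host with git and GNU coreutils (`stat -c`), and a Unix group name passed in by the caller (the `portage` name below is just a constructed example).

```shell
#!/bin/sh
# Added example: filesystem-enforced push access for a bare git repository.
# Assumes Linux, git, and GNU coreutils. Not code from the mailing-list thread.
set -eu

# create_shared_repo DIR GROUP
#   Initialise a bare repo that the members of GROUP (and nobody else) can push to.
#   --shared=group makes git create new objects/refs group-writable; the setgid bit
#   (2xxx) on every directory makes new files inherit the project group, so later
#   pushes by any member keep the repo writable for the whole group.
create_shared_repo() {
    dir=$1
    group=$2
    git init --bare --quiet --shared=group "$dir"
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod 2770 '{}' +   # rwx for owner+group, setgid, nothing for others
    find "$dir" -type f -exec chmod 0660 '{}' +   # rw for owner+group, nothing for others
}

# repo_mode PATH   -> octal mode, e.g. 2770 for a directory, 660 for a file
repo_mode() {
    stat -c %a "$1"
}

# repo_group PATH  -> owning group name; this, not an application ACL, decides who may push
repo_group() {
    stat -c %G "$1"
}

# Stand-alone demonstration with a constructed repo under a temporary directory,
# using the caller's own primary group so the script works without root.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    create_shared_repo "$tmp/portage.git" "$(id -gn)"
    echo "repo dir mode: $(repo_mode "$tmp/portage.git")"
    echo "HEAD mode:     $(repo_mode "$tmp/portage.git/HEAD")"
    echo "owning group:  $(repo_group "$tmp/portage.git")"
    rm -rf "$tmp"
fi
```

On a real host the project group would be the one SSH logins are mapped into (for example via `/etc/group` or the directory service the machine authenticates against), and the login shell of the hosting accounts would typically be `git-shell` so that an SSH session can run only git transport commands. Pushes then succeed or fail on the kernel's write-permission check for the refs and objects directories, which is the property the thread is discussing.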