| 1 |
* James Le Cuirot <chewi@g.o> [150920 04:45]: |
| 2 |
> On Sat, 19 Sep 2015 20:12:06 -0400 |
| 3 |
> Michael Orlitzky <mjo@g.o> wrote: |
| 4 |
> |
| 5 |
> > Has anyone ever set up Gitlab or Gerrit, managed by a package manager, |
| 6 |
> > in a way that a small bug won't grant anonymous write access to every |
| 7 |
> > single repository? |
| 8 |
> > |
| 9 |
> > Web projects tend to assume that they're the only application/user on |
| 10 |
> > the server. And as far as security is concerned, that the server is |
| 11 |
> > in a locked closet with no internet connection. Most of them crash |
| 12 |
> > when you try to fix those assumptions. |
| 13 |
> |
| 14 |
> We use GitLab at work and I do like it but I don't know how it fares |
| 15 |
> for much larger projects. I know less about Gerrit but it is used by |
| 16 |
> high profile projects like CyanogenMod. We've also had it recommended |
| 17 |
> numerous times in #gentoo-java by zxiiro, who works for the Linux |
| 18 |
> Foundation and used to work for the Eclipse Foundation. I think it's |
| 19 |
> worth a try but no, I'm not volunteering. ;) Having said that, it is |
| 20 |
> written in Java and if we insist on installing these things through |
| 21 |
> Portage (I suppose we should eat our own dog food) then I would be |
| 22 |
> willing to make a push on getting it into the tree. It might be tricky |
| 23 |
> though, not least because it uses the Buck build system, which I've |
| 24 |
> never seen used anywhere else and isn't currently in the tree either. |
| 25 |
> |
| 26 |
> -- |
| 27 |
> James Le Cuirot (chewi) |
| 28 |
> Gentoo Linux Developer |
| 29 |
|
| 30 |
For what it's worth, I set up Gerrit for my company (small startup so |
| 31 |
not experience with a big team, though I've heard of its use for large |
| 32 |
teams much more often) a year ago. |
| 33 |
|
| 34 |
I set it up once on Gentoo (manually using tools in the package or git |
| 35 |
tree) and didn't set up an ebuild or anything. |
| 36 |
|
| 37 |
I then set it up "for real" on an Ubuntu server (standard company |
| 38 |
internal server platform.) |
| 39 |
|
| 40 |
I'm about as far from a Java person as one can be (aside from having to |
| 41 |
dig around in Android) but it was relatively uneventful including |
| 42 |
getting Buck built and set up. |
| 43 |
|
| 44 |
It's certainly not been security vetted by more than a couple developers |
| 45 |
though as it's on an internal network (though of course we still try to make |
| 46 |
it as secure as possible.) |
| 47 |
|
| 48 |
We have it tied in with our bug tracking system (JIRA) so it can |
| 49 |
transition tasks once a review has been approved and link the two (JIRA |
| 50 |
ticket has links to the Gerrit review and vice versa.) |
| 51 |
|
| 52 |
We haven't had too many problems with it. Most of our problems seem to |
| 53 |
be with people having issues with git itself (it was new to almost |
| 54 |
everyone on the team) and not embracing a good workflow with it (or |
| 55 |
trying to only use git via Eclipse.) |
| 56 |
|
| 57 |
We have 80 or so Android repos and a much smaller handful of proprietary |
| 58 |
repos in use. |
| 59 |
|
| 60 |
Todd |
Archives