* James Le Cuirot <chewi@g.o> [150920 04:45]:
> On Sat, 19 Sep 2015 20:12:06 -0400
> Michael Orlitzky <mjo@g.o> wrote:
>
> > Has anyone ever set up Gitlab or Gerrit, managed by a package manager,
> > in a way that a small bug won't grant anonymous write access to every
> > single repository?
> >
> > Web projects tend to assume that they're the only application/user on
> > the server. And as far as security is concerned, that the server is
> > in a locked closet with no internet connection. Most of them crash
> > when you try to fix those assumptions.
>
> We use GitLab at work and I do like it but I don't know how it fares
> for much larger projects. I know less about Gerrit but it is used by
> high profile projects like CyanogenMod. We've also had it recommended
> numerous times in #gentoo-java by zxiiro, who works for the Linux
> Foundation and used to work for the Eclipse Foundation. I think it's
> worth a try but no, I'm not volunteering. ;) Having said that, it is
> written in Java and if we insist on installing these things through
> Portage (I suppose we should eat our own dog food) then I would be
> willing to make a push on getting it into the tree. It might be tricky
> though, not least because it uses the Buck build system, which I've
> never seen used anywhere else and isn't currently in the tree either.
>
> --
> James Le Cuirot (chewi)
> Gentoo Linux Developer

For what it's worth, I set up Gerrit for my company (small startup so
no experience with a big team, though I've heard of its use for large
teams much more often) a year ago.

I set it up once on Gentoo (manually using tools in the package or git
tree) and didn't set up an ebuild or anything.

I then set it up "for real" on an Ubuntu server (standard company
internal server platform.)

I'm about as far from a Java person as one can be (aside from having to
dig around in Android) but it was relatively uneventful including
getting Buck built and set up.

It's certainly not been security vetted by more than a couple developers
though as it's on an internal network (though of course we still try to make
it as secure as possible.)

We have it tied in with our bug tracking system (JIRA) so it can
transition tasks once a review has been approved and link the two (JIRA
ticket has links to the Gerrit review and vice versa.)

We haven't had too many problems with it. Most of our problems seem to
be with people having issues with git itself (it was new to almost
everyone on the team) and not embracing a good workflow with it (or
trying to only use git via Eclipse.)

We have 80 or so Android repos and a much smaller handful of proprietary
repos in use.

Todd