| 1 |
On 12/20/18 10:25 AM, YUE Daian wrote: |
| 2 |
> |
| 3 |
> Did anyone ever considered using GitLab? |
| 4 |
> Its community edition is quiet enough I think. |
| 5 |
> |
| 6 |
|
| 7 |
Yes, but there's a small problem: we would need to run our own instance |
| 8 |
of Gitlab to prevent some of the same problems that exist with Github |
| 9 |
(like losing all of our data if they go out of business). |
| 10 |
|
| 11 |
The "run your own" version of Gitlab is a bit of a nightmare, being |
| 12 |
built with Ruby on Rails. It has a million dependencies, many of which |
| 13 |
are hard to package because rubygems/bundler are awful and encourage |
| 14 |
worst practices. Gitlab upstream expects you to run a version that |
| 15 |
bundles everything it uses. |
| 16 |
|
| 17 |
What's the security strategy for something with a million bundled |
| 18 |
libraries? There is none, which makes following their advice pretty |
| 19 |
irresponsible, too. |
| 20 |
|
| 21 |
For all its flaws, BugZilla is pretty stable software that uses stable |
| 22 |
libraries in an ecosystem inhabited by adults. Our infra team are all |
| 23 |
volunteers, too -- so we need an alternative that isn't way more work |
| 24 |
for them to run. |
Archives