1 |
On 12/20/18 10:25 AM, YUE Daian wrote: |
2 |
> |
3 |
> Did anyone ever considered using GitLab? |
4 |
> Its community edition is quiet enough I think. |
5 |
> |
6 |
|
7 |
Yes, but there's a small problem: we would need to run our own instance |
8 |
of Gitlab to prevent some of the same problems that exist with Github |
9 |
(like losing all of our data if they go out of business). |
10 |
|
11 |
The "run your own" version of Gitlab is a bit of a nightmare, being |
12 |
built with Ruby on Rails. It has a million dependencies, many of which |
13 |
are hard to package because rubygems/bundler are awful and encourage |
14 |
worst practices. Gitlab upstream expects you to run a version that |
15 |
bundles everything it uses. |
16 |
|
17 |
What's the security strategy for something with a million bundled |
18 |
libraries? There is none, which makes following their advice pretty |
19 |
irresponsible, too. |
20 |
|
21 |
For all its flaws, BugZilla is pretty stable software that uses stable |
22 |
libraries in an ecosystem inhabited by adults. Our infra team are all |
23 |
volunteers, too -- so we need an alternative that isn't way more work |
24 |
for them to run. |