List:       gentoo-dev
Subject:    Re: [gentoo-dev] RFI: A better workflow for github pull requests
From:       Michael Orlitzky <mjo () gentoo ! org>
Date:       2015-09-20 0:12:06
Message-ID: 55FDF9D6.6030302 () gentoo ! org

On 09/19/2015 05:16 PM, Daniel Campbell wrote:
> 
> We'd just need a developer who's experienced in maintaining and
> setting them up.
> 

Has anyone ever set up Gitlab or Gerrit, managed by a package manager,
in a way that a small bug won't grant anonymous write access to every
single repository?

Web projects tend to assume that they're the only application/user on
the server. And as far as security is concerned, that the server is in a
locked closet with no internet connection. Most of them crash when you
try to fix those assumptions.

Github fails the second criterion[1], but it's not pointed directly at
our repositories. A developer still has to review and push each commit,
so the risk is mitigated.

The infra team has high standards when it comes to this stuff, and to
fix it would require more than just a weekend of experimentation.


[1] http://homakov.blogspot.com/2012/03/how-to.html