
List:       gentoo-dev
Subject:    Re: [gentoo-dev] RFI: A better workflow for github pull requests
From:       Daniel Campbell <zlg () gentoo ! org>
Date:       2015-09-20 1:37:10
Message-ID: 55FE0DC6.9030305 () gentoo ! org


On 09/19/2015 05:12 PM, Michael Orlitzky wrote:
> On 09/19/2015 05:16 PM, Daniel Campbell wrote:
>> 
>> We'd just need a developer who's experienced in maintaining and 
>> setting them up.
>> 
> 
> Has anyone ever set up Gitlab or Gerrit, managed by a package
> manager, in a way that a small bug won't grant anonymous write
> access to every single repository?
> 
> Web projects tend to assume that they're the only application/user
> on the server. And as far as security is concerned, that the server
> is in a locked closet with no internet connection. Most of them
> crash when you try to fix those assumptions.
> 
> Github fails the second criterion[1], but it's not pointed directly
> at our repositories. A developer still has to review and push each
> commit, so the risk is mitigated.
> 
> The infra team has high standards when it comes to this stuff, and
> to fix it would require more than just a weekend of
> experimentation.
> 
> 
> [1] http://homakov.blogspot.com/2012/03/how-to.html
> 
That's completely reasonable. I'm not advocating for any specific
solution; infra knows the systems and it'd be up to them to choose a
good solution. This makes me wonder now, though, whether the reason we
settled on GitHub was because the others weren't good and/or secure
enough. Personally I'm fine with e-mails and cgit like we currently
have, but I assume the goal of GitHub was to encourage more community
involvement and make contributing easier. Still, were something to
happen to GitHub we'd lose that ability and go back to standard
overlays, e-mail, etc.

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6
