On 09/19/2015 05:16 PM, Daniel Campbell wrote:
> 
> We'd just need a developer who's experienced in maintaining and
> setting them up.
> 

Has anyone ever set up Gitlab or Gerrit, managed by a package manager,
in a way that a small bug won't grant anonymous write access to every
single repository?

Web projects tend to assume that they're the only application/user on
the server. And as far as security is concerned, that the server is in a
locked closet with no internet connection. Most of them crash when you
try to fix those assumptions.

Github fails the second criterion[1], but it's not pointed directly at
our repositories. A developer still has to review and push each commit,
so the risk is mitigated.

The infra team has high standards when it comes to this stuff, and to
fix it would require more than just a weekend of experimentation.


[1] http://homakov.blogspot.com/2012/03/how-to.html