On 09/23/2015 05:30 AM, Michael Orlitzky wrote:
> On 09/23/2015 04:40 AM, Todd Goodman wrote:
>> 
>> We haven't had too many problems with it.  Most of our problems
>> seem to be with people having issues with git itself (it was new
>> to almost everyone on the team) and not embracing a good workflow
>> with it (or trying to only use git via Eclipse.)
>> 
>> We have 80 or so Android repos and a much smaller handful of
>> proprietary repos in use.
>> 
> 
> Sorry to harp on this, but does your single gerrit user have write 
> access to all 80 of your repos? Yours is internal so the risk is 
> limited, but naturally, if we set one up, it would have to be
> public.
> 
> If there's a bug in the web UI somewhere and someone figures out
> how to make it run code, that would put all of our repos at risk.
> Even without being able to run code, a bug might allow privilege
> escalation: someone outside the e.g. portage project might figure
> out how to push to that repo because all of the logic is in Java
> and not the filesystem.
> 
> The way we have it now, push access is granted through SSH and is 
> therefore tied to your user. Implementing users/groups/permissions
> in code would really be a step backwards; this isn't a theoretical
> argument.
> 
> These issues can totally be fixed -- I'm not saying they're endemic
> to web-based git hosting. But to move access control down to the
> filesystem deviates from how everyone else does things. So first
> you need to spend time getting familiar with the project, then you
> have to overhaul the way it works, and finally you have to get
> upstream to acknowledge that you aren't crazy and accept your
> docs/patches. That's a lot more work than just setting it up.
> 
> 
I hadn't thought about that angle. If our access backbone is via SSH
(and thus the filesystem/machine users) then I'm really not sure how
to implement a GitLab or Gerrit instance while hooking into the
filesystem. Allowing users to open accounts in order to post bugs, etc
just isn't a great idea, imo, and duplicates the effort that already
exists in Bugzilla. Maybe it'd be smarter to find a way to `git-am`
patches from Bugzilla.

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6