David Fetter wrote:
> On Tue, Jun 24, 2008 at 10:27:28PM +0200, Magnus Hagander wrote:
>>>>>> Now, if you can give us a step-by-step on how to set it up, that
>>>>>> would certainly help ;-)
>>>>> Gitosis does not, as far as I can tell, have that delegation
>>>>> capability, but I've come up with a way to do this:
>>>>>
>>>>> 1.  Use git-shell.  Yes, this does involve creating one shell account
>>>>> for each project, but git-shell is, by design, very short on
>>>>> exploitable capability.
>>>>>
>>>>> 2.  Make the .ssh directory a git repository.
>>>>>
>>>>> 3.  Edit .ssh/authorized_keys and push via git.
>>>> I was looking into being able to do it using gitosis, with an
>>>> interface on top of it's existing GIT repository for being able
>>>> to delegate this.
>>> I discussed this with gitosis's author, and he wants to keep
>>> gitosis from becoming "a sourceforge reimplementation."  He did,
>>> however, commit to stamping it 1.0 and putting up a TODO list.
>>> I'd like to package it up for FreeBSD and Fedora, those being two
>>> common platforms.
>> That would be good.
> 
> It *would* be good, if the author seemed even vaguely interested in
> packaging up so much as a tarball, but he is not.  His attitude
> is (paraphrasing from conversations with him the past few days), "it's
> good enough as a git repository, and everybody who's using it is a git
> administrator, so they should know how to wrangle git repositories."
> While he may someday outgrow this, we really should not put him and
> his attitude in critical paths for our project.
> 
> Let's go with git-shell, which is supported and packaged software on
> just about every platform, and stop waiting for Godot^Wgitosis.

I'm not sure I agree that this is a big problem, but sure, we should at
least consider git-shell.

Is there any product out there that makes it possible to admin a
git-shell based system without having all the admins being root on the
server? Because that's simply not an option if you want anything
remotely scalable.


>>>> What do you think of this idea?
>>> It's complicated :(
>>>
>>> Wouldn't it be easier to have a gitosis admin team with the needed
>>> access?
>> Yes, that'd probably be easier, and it's what I'd start the
>> implementation out at.
> 
> Here's an even simpler implementation: git-ssh and public keys.  Yes,
> it involves work by administrators, which I'd be delighted to do.

Are you referring to git-shell, or is this a different product? If so,
reference to said product, please?

I certainly don't mind having the work pushed off to an admin team. But
it has to be automated enough that there is no risk that different
people se tit up differently. And it must not require root. Show me such
a solution, and I'll be happy to consider it :-)

//Magnus


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to