Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> 1) Setting up Gerrit (which is still incomplete because scp'ing the > commit hook should happen with the "-P 443" for this case) Oh, I am sorry. That is also achievable by the ssh config. Nevertheless, this section needs to be updated, if the existing duplication remains to be in place for good

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> I'd just be nice to have someone actually test it. Lazlo, could you verify? Thank you for the progress! Looks like pushing works: https://codereview.qt-project.org/#change,30932 Cloning is still flaky through the init-repository perl script for webkit as the example shows above. The documenta

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On Jul 16, 2012, at 19:16 , ext marius.storm-ol...@nokia.com wrote: On 13/07/2012 10:04, ext marius.storm-ol...@nokia.com wrote: So, I think we'll go ahead and get a port forward setup. It has been done. You can now poin

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On 13/07/2012 10:04, ext marius.storm-ol...@nokia.com wrote: > So, I think we'll go ahead and get a port forward setup. It has been done. You can now point your git to git clone ssh://@ssh.qt-project.org:443/qt/qt5 instead, if needed. -- .marius ___

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> So, you are saying, the implementer of such a firewall thinks, it's a good > idea and a valid option, to tunnel all kinds of traffic through port 443? I > would like to talk to that person. Well, maybe better not... ;-) Yes, we have had such solutions already in the past. Just because you have n

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On 16.07.2012 16:06, Laszlo Papp wrote: >> No, going through 443 is _not_ an option of the firewall, it's like >> lock-picking a useless lock. > > No, the firewall and the whole establishment have the option to go out > over the port 443. So, you are saying, the implementer of such a firewall th

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

evelopment] Contributing to the Qt Project behind a hefty firewall and proxy server On 16.07.2012 15:26, Laszlo Papp wrote: >> Sorry, but bike locks have keys to disable them. The sanity bot have >> an option to override it. Where is that option in your firewall? > > Going thr

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> No, going through 443 is _not_ an option of the firewall, it's like > lock-picking a useless lock. No, the firewall and the whole establishment have the option to go out over the port 443. > It's not a fix at all. It's a workaround. Important difference! My whole point is that, let us leave th

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On 16.07.2012 15:26, Laszlo Papp wrote: >> Sorry, but bike locks have keys to disable them. The sanity bot have an >> option >> to override it. Where is that option in your firewall? > > Going through 443. No, going through 443 is _not_ an option of the firewall, it's like lock-picking a usele

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> Sorry, but bike locks have keys to disable them. The sanity bot have an option > to override it. Where is that option in your firewall? Going through 443. > You have no excuse. If you are supposed to work on Qt, your company should > give you the infrasctructure to do your work. Unless it is f

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On Monday 16 July 2012 10:50:20 Laszlo Papp wrote: > > Closing down ports for security reasons can only be a short term > > emergency measure. Doing it in general does not increase security in the > > medium term, since the Bad Guys are now using 443 anyway (like everybody > > else). > > Yeah, the

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> Who is going to pay for the extra IP dedicated for this? Maybe we should put a > price tag on uses for port 443: if you want to use it, pay $10 per month to > the Qt Project Hosting Foundation and we'll enable your account to use it > (IPv6-only should be free or cheaper). > > Then you can take i

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On segunda-feira, 16 de julho de 2012 10.50.20, Laszlo Papp wrote: > There is no any waste of time, if a company does not wanna change > things upside down, just accept that the contribution will be pushed > against the Qt Project through 443. It is actually way more time waste > and energy at time

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> Closing down ports for security reasons can only be a short term > emergency measure. Doing it in general does not increase security in the > medium term, since the Bad Guys are now using 443 anyway (like everybody > else). Yeah, the desperate ones who have not lost their sake yet... You are pro

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On 13.07.2012 17:10, Laszlo Papp wrote: >> He also says that you should at the same time have a discussion with >> Corporate Security to make them understand that the current situation is >> hurting the organization, and try to get it changed so you _don't_ have >> to circumvent Corporate Securit

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> Like I said, the proxy is http only. and there is a filtered (port 80, > 443 only) internet connection. You are saying socat or corkscrew can > help when you do not have a SOCKS proxy? That is new to me. If one had a system to port forward via, then it would be a deal done, but it is not the cas

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On Mon, Jul 16, 2012 at 7:47 AM, wrote: > Is the use of corkscrew and or socat something that should be made more > widely known? Like I said, the proxy is http only. and there is a filtered (port 80, 443 only) internet connection. You are saying socat or corkscrew can help when you do not have

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

Behalf Of ext Laszlo Papp Sent: Saturday, July 14, 2012 2:45 AM To: Thiago Macieira Cc: development@qt-project.org Subject: Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server > But let's make sure that we are NOT recommending that people > circumvent

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> But let's make sure that we are NOT recommending that people circumvent IT > network policies. If the IT infrastructure blocks the traffic, then they must > have a reason for it. It can be because: > > 1) the block is overly broad and shouldn't be there > or > 2) the block is intentional and the

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On sexta-feira, 13 de julho de 2012 15.04.36, marius.storm-ol...@nokia.com wrote: > Ok, you guys just misunderstand each other. > > Thiago says we should do it, to ensure that the Qt Project is accessible > behind badly configured corporate firewalls. > > He also says that you should at the same ti

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> If it is for a personal network (as you now seem to be hinting at) > is the issue with opening up said ports for outbound traffic? Perhaps I associate the word "corporate" distinctly due to my language difficulties. :) In any case, what I mean is that, It is all policy (regardless company or per

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On Friday 13 July 2012 16:10:22 Laszlo Papp wrote: > > He also says that you should at the same time have a discussion with > > Corporate Security to make them understand that the current situation is > > hurting the organization, and try to get it changed so you _don't_ have > > to circumvent Corp

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> He also says that you should at the same time have a discussion with > Corporate Security to make them understand that the current situation is > hurting the organization, and try to get it changed so you _don't_ have > to circumvent Corporate Security. (Normally it's grounds for getting the > "p

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

Ok, you guys just misunderstand each other. Thiago says we should do it, to ensure that the Qt Project is accessible behind badly configured corporate firewalls. He also says that you should at the same time have a discussion with Corporate Security to make them understand that the current situ

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

In addition to my previous reply, it can be a legit use case to make a network establishment (not just corporate, but even personal), where you would not like to open a port up globally just because of one project, if not necessary. The only drawback I could mention from my point of view for the Qt

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> I think we should try that. However, note that this could be a violation of > the terms of use of that corporate network since the traffic is not web. Not necessarily, no. The Qt Project would not be in charge of such decisions, anyway. Nothing to violate in the Qt project itself, so is this not

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On sexta-feira, 13 de julho de 2012 12.40.12, marius.storm-ol...@nokia.com wrote: > I think we could do the same setup as GitHub, and simply have port > forwarding from ssh.qt-project.org:443 to > codereview.qt-project.org:29418. That should enable most people to work > behind corporate firewalls.

Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

On 13/07/2012 06:42, ext Laszlo Papp wrote: > There are certain situations out there, when it is currently not so > simple to contribute to the Qt Project. One typical use case, if > there is a proxy server without using socks, just plain http. In > those cases, ssh tunneling does not work either p

[Development] Contributing to the Qt Project behind a hefty firewall and proxy server

Hi, There are certain situations out there, when it is currently not so simple to contribute to the Qt Project. One typical use case, if there is a proxy server without using socks, just plain http. In those cases, ssh tunneling does not work either properly. Imagine that, the ports 80 and 443 are