
Re: git dangerous operations on alioth


On 28.02.2013 11:07, Stefano Zacchiroli wrote:
> On Thu, Feb 28, 2013 at 10:39:26AM +0100, Daniel Pocock wrote:
>> Has anybody had experience controlling access to git repositories, for
>> example, to give users access but prevent some of the following
>> dangerous operations?
> Related to this, there is also the risk that a user will ssh on alioth
> and rm the repository (accidentally or not). Do we have any kind of
> protection against that? (e.g. backups we can access without
> bothering the alioth admins, or a way to give git access but not ssh
> access, or...)

The obvious solution would be to deny people accessing your repository
in unwanted ways. The current Alioth ACLs do not really allow this so we
have to trust people.

Personally I do host almost all my packages in collab-maint and, contrary
to common belief, I have only had good experiences with it. This is more of
a hypothetical discussion therefore.

Having said that, the risk is real and it may be time to reconsider some
choices including the use of Alioth itself for those who do not believe
in openness. Chances are #700630 is going to rescue us all on that.
Maybe we could set up our own gitorious instance once the stuff is
packaged. I at least am very interested in such a Debian service and
might even set one up.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
