Re: git dangerous operations on alioth
On 03/03/2013 12:51 AM, Wouter Verhelst wrote:
> On Thu, Feb 28, 2013 at 11:07:22AM +0100, Stefano Zacchiroli wrote:
>> On Thu, Feb 28, 2013 at 10:39:26AM +0100, Daniel Pocock wrote:
>>> Has anybody had experience controlling access to git repositories, for
>>> example, to give users access but prevent some of the following
>>> dangerous operations?
>> Related to this, there is also the risk that a user will ssh on alioth
>> and rm the repository (accidentally or not). Do we have any kind of
>> protection against that? (e.g. backups we can access to without
>> bothering the alioth admins, or a way to give git access but not ssh
>> access, or...)
> "real men don't take backups. They just put their stuff on a public FTP
> server and let the world mirror."
>
> Every user who has a checkout of a git repository is making backups...
If Alioth was to fail and loose all repository data, I would have a
real hard time to collect all local copies, with the latest version
given a specific branch, being stored in one of the 3 machines I do
Debian packaging on. It would take me literally days to find out on
which of these computers I made the latest commit (I generally don't
care, Git always yell^Wtell if I don't have a fast-forward copy
anyway).
I also read that others have the habit to *not* store a local copy
of the packages they work on. Once the commit is done, they just
delete the local copy. That's not my workflow, but I can understand
why doing that.
So yes, I would think having a safe, backup of Alioth is important.
Now, what worries me is that I didn't read any of the Alioth admins
explaining what is currently in production. I've searched, and the
only info I found was hosted projects on alioth.d.o (like pkg-bacula,
slbackup, etc.), but so far, no info on how Alioth is backed-up. Did
I miss the obvious?
Cheers,
Thomas
Reply to: