
Re: gitlab package (was Re: Opt out style recommends)



]] Michael Lustfield 

> In this particular case, I would suggest first making letsencrypt a
> Suggests. Then, I would suggest considering snakeoil for the https or
> just installing with http-only and providing a documented tool for
> moving to using letsencrypt. You and I both know that we're only
> talking about a web server configuration... shouldn't the web server
> be the one suggesting it? ... it doesn't because the web server
> packages consider SSL/TLS to be its own thing entirely that shouldn't
> be mixed in with other package deployments.

The web app might well need to know whether it's being accessed over TLS
or not.  If it is, any cookies it sets should be marked with «secure» so
they're never sent in plaintext.

An option that might satisfy everyone is to have a gitlab package and a
gitlab-bells-and-whistles package (or gitlab-minimal and gitlab) where
the latter includes full integration with nginx and letsencrypt and
whatnot, while the former is a more limited package that does the bare
minimum.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
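
The point above about the web app needing to know whether it is reached over TLS, as an added example that is not part of the original message and is not GitLab's code: a Rack-style check that sets `Secure` on a cookie only when the client connection was TLS. The loopback proxy list, the function names and the sample requests are assumptions made for the illustration.

```ruby
require "ipaddr"

# Assumption: a reverse proxy such as nginx terminates TLS on the same host
# and sets X-Forwarded-Proto; only these peers are believed when they do.
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1/32"), IPAddr.new("::1/128")].freeze

# True when the client's connection was TLS, judged from a Rack-style env.
def request_over_tls?(env)
  return true if env["rack.url_scheme"] == "https" # app server terminated TLS itself

  peer = begin
    IPAddr.new(env["REMOTE_ADDR"].to_s)
  rescue ArgumentError # missing or malformed peer address
    return false
  end
  return false unless TRUSTED_PROXIES.any? { |net| net.include?(peer) }

  # With chained proxies the header can be a list; the first entry is the client-facing hop.
  env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase == "https"
end

# Build a Set-Cookie header value; Secure is set only for TLS requests.
def session_cookie(env, name, value)
  attrs = ["#{name}=#{value}", "Path=/", "HttpOnly", "SameSite=Lax"]
  attrs << "Secure" if request_over_tls?(env)
  attrs.join("; ")
end

# Constructed sample requests (not captured traffic).
SAMPLE_ENVS = {
  behind_tls_proxy: { "rack.url_scheme" => "http", "REMOTE_ADDR" => "127.0.0.1",
                      "HTTP_X_FORWARDED_PROTO" => "https" },
  http_only:        { "rack.url_scheme" => "http", "REMOTE_ADDR" => "127.0.0.1" },
  untrusted_peer:   { "rack.url_scheme" => "http", "REMOTE_ADDR" => "203.0.113.9",
                      "HTTP_X_FORWARDED_PROTO" => "https" },
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ENVS.each { |label, env| puts "#{label}: #{session_cookie(env, "sid", "abc123")}" }
end
```

On an http-only install the cookie goes out without `Secure`, which is why a package that later switches the web server to TLS also has to tell the application about the change.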

