[tor-bugs] #20821 [Internal Services/Tor Sysadmin Team]: VM to install gitlab

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 6 15:34:12 UTC 2017


#20821: VM to install gitlab
-------------------------------------------------+---------------------
 Reporter:  hiro                                 |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by hiro):

 Hi,

 Replying off-line to a few questions that were raised when discussing
 about the Gitlab instance setup.
 the main concern I think is being able to safely run Gitlab without having
 the risk of accidental commits or write ups of our codebase.

 In this sense, Gitlab itself has a system of role and permissions that can
 be managed. Please see https://docs.gitlab.com/ce/user/permissions.html
 for more info. This would manage permissions on Gitlab side. Some of this
 setup is hardcoded in the installation and would probably need an attacker
 to have access to the machine to mess with it.

 Said this, in case we do not feel happy with this solution, we could
 always restrict access in git to the instance. I haven't researched this
 fully, but if it is needed I could do this before moving forward with
 provisioning the machine.

 Another possible solution that we could explore is the idea to run gitlab
 as a complete different remote and the members of the team using the
 repositories will have to take care to sync to Tor git remote when they
 want to merge and/or release something. Personally I would start with this
 solution. But not sure this is what the network team does want.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20821#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list