[tor-bugs] #20821 [Internal Services/Tor Sysadmin Team]: VM to install gitlab
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 6 15:34:12 UTC 2017
#20821: VM to install gitlab
-------------------------------------------------+---------------------
Reporter: hiro | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+---------------------
Comment (by hiro):
Hi,
Replying off-line to a few questions that were raised when discussing
about the Gitlab instance setup.
the main concern I think is being able to safely run Gitlab without having
the risk of accidental commits or write ups of our codebase.
In this sense, Gitlab itself has a system of role and permissions that can
be managed. Please see https://docs.gitlab.com/ce/user/permissions.html
for more info. This would manage permissions on Gitlab side. Some of this
setup is hardcoded in the installation and would probably need an attacker
to have access to the machine to mess with it.
Said this, in case we do not feel happy with this solution, we could
always restrict access in git to the instance. I haven't researched this
fully, but if it is needed I could do this before moving forward with
provisioning the machine.
Another possible solution that we could explore is the idea to run gitlab
as a complete different remote and the members of the team using the
repositories will have to take care to sync to Tor git remote when they
want to merge and/or release something. Personally I would start with this
solution. But not sure this is what the network team does want.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20821#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list