From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: Gentoo-hosted code review
Date: Mon, 2 Nov 2015 09:29:48 +0000 (UTC) [thread overview]
Message-ID: <pan$e9cf1$588eb79d$1f2da66d$a6572cd3@cox.net> (raw)
In-Reply-To: 20151102083349.GF21056@ultrachro.me
Patrice Clement posted on Mon, 02 Nov 2015 09:33:49 +0100 as excerpted:
> [gerrit]
>
> Anyway, just my 2 cents on the topic. Have a look and you'll see in
> terms of features, I think it's on a par with Github. And it's open
> source. ;)
FWIW from previous gerrit suggestions...
The problem there is ... java, along with the maintenance and security
issues it brings when run on a publicly accessible server where java is
otherwise unnecessary. (IIRC, at least one infra person said it's a hard
no on java running on gentoo infra, period, as it simply cannot be done
correctly and safely with the resources available. Tho I'm not 100% sure
IRC on that one.)
#2 problem, as with several code-review products, is the security issue
of the huge stack of code (regardless of language) on a web server, with
direct single-user write access to the tree. If it were a different user
for each dev account so unconditional write access wasn't a monolithic
grant...
Now if a one-way repo sync is done to the tree gerrit accesses from
gentoo-master, not reversed, sandboxing the tree gerrit has access too,
the problem is lessened to some degree, but of course that dramatically
lessens the usefulness as well, since the reviewed code must then be
checked back into the main tree manually.
Which would seem to be one potential positive for phabricator, since at
least from the bit here in-thread, it appears to be review-only, no
direct commit access, thereby eliminating at least that security threat.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
next prev parent reply other threads:[~2015-11-02 9:30 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-01 17:44 [gentoo-dev] Gentoo-hosted code review Michael Palimaka
2015-11-01 18:08 ` James Le Cuirot
2015-11-02 8:33 ` Patrice Clement
2015-11-02 9:29 ` Duncan [this message]
2015-11-02 10:28 ` [gentoo-dev] " Patrice Clement
2015-11-02 11:36 ` Duncan
2015-11-01 18:18 ` [gentoo-dev] " Bertrand Jacquin
2015-11-01 18:34 ` Michał Górny
2015-11-01 19:40 ` hydra
2015-11-02 0:37 ` [gentoo-dev] " Duncan
2015-11-01 19:23 ` [gentoo-dev] " hasufell
2015-11-01 19:50 ` Manuel Rüger
2015-11-01 21:27 ` hasufell
2015-11-01 21:18 ` William Hubbs
2015-11-01 22:16 ` Michael Orlitzky
2015-11-02 12:33 ` [gentoo-dev] " Michael Palimaka
2015-11-01 22:07 ` [gentoo-dev] " Michael Orlitzky
2015-11-01 22:38 ` Luca Barbato
2015-11-02 12:26 ` [gentoo-dev] " Michael Palimaka
2015-11-02 13:04 ` Kristian Fiskerstrand
2015-11-02 19:24 ` Dirkjan Ochtman
2015-11-03 12:48 ` Michael Palimaka
2015-11-02 11:08 ` [gentoo-dev] " Alexander Berntsen
2015-11-02 13:24 ` [gentoo-dev] " Michael Palimaka
2015-11-02 14:01 ` Alexander Berntsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='pan$e9cf1$588eb79d$1f2da66d$a6572cd3@cox.net' \
--to=1i5t5.duncan@cox.net \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox