[asterisk-dev] Git Migration
Andrew Latham
lathama at gmail.com
Wed Sep 17 10:52:09 CDT 2014
For the Gitolite stack I have recently setup I used SSL with SUEXEC
into a wrapper for Gitolite. This works out very well and you get
security plus the very fine grained access without having to toss SSH
keys around.
On Wed, Sep 17, 2014 at 9:41 AM, Matthew Jordan <mjordan at digium.com> wrote:
>
>
> On Wed, Sep 17, 2014 at 6:27 AM, Corey Farrell <git at cfware.com> wrote:
>>
>> The Wiki page mentions SSL certificates/SSH keys for commit access,
>> but doesn't mention self-service SSH key management. I don't know the
>> full details of how this works, but the ability to add/remove keys
>> without involving Digium folks would be very nice. Management of
>> keys/certificates is something worth noting for the different options
>> being considered. I'm guessing this doesn't apply if SSL certificates
>> are used.
>
>
> In my mind, there really need to be three broad classifications of users:
>
> (1) Those who can contribute code and make requests for code to be merged.
> This should be everyone.
> (2) Those who can merge code into the various maintenance branches/master.
> This should be restricted to some extent. How we do that can be a function
> of a lot of different things - SSH keys, SSL certs, or - if using gerrit -
> its built-in groups.
> (3) Those who can make new tags/releases. Again, this can either be a
> restriction via some access mechanism, or - depending on the size of the
> people in (2) - it can simply be an agreed upon notion that you don't make
> tags willy-nilly.
>
> How we go about that really depends on the tools. Gerrit supports OpenID,
> and Atlassian Crowd (which the Asterisk project already uses) is an OpenID
> provider. We'll need to lab that up to understand how well that works, but
> it does sound promising - and would potentially remove the need for SSL
> certs or SSH keys.
>
>
> --
> Matthew Jordan
> Digium, Inc. | Engineering Manager
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at: http://digium.com & http://asterisk.org
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
--
~ Andrew "lathama" Latham lathama at lathama.com http://lathama.net ~
More information about the asterisk-dev
mailing list