Re: Meeting agenda bot, website, git, ssh

From: Ian Jackson <ijackson(at)chiark(dot)greenend(dot)org(dot)uk>
To: spi-general(at)lists(dot)spi-inc(dot)org
Subject: Re: Meeting agenda bot, website, git, ssh
Date: 2009-01-21 10:27:51
Views: Raw Message | Whole Thread | Download mbox
Lists: spi-general

Joerg Jaspert writes ("Re: Meeting agenda bot, website, git, ssh"):
> [Ian:]
> > If the code for something running on the server is kept in git then
> > effectively everyone who can write to the git can run code on the
> > server, because even if pushing to the running copy is manual no-one
> > will review every diff.
> Are we up to splitting hairs now? :)

This was the motivation for my original question, so not
hair-splitting at all.

> Yes, of course, if you can commit stuff you can commit bad things too.
> Somehow thats (technically) not avoidable. Unless you want one of us
> admins play gatekeeper, and *I* sure not want to add such a
> restriction.

One obvious approach is to have differently-access-controlled git
repositories only some of which are able to take over the machine.

For example, people who need to edit web pages do not need to be able
to run code on the server. I assume (perhaps over-optimistically)
that whatever CMS(s) we are using do not permit the author of the page
data to execute code on the server.



Browse spi-general by date

  From Date Subject
Next Message Jimmy Kaplowitz 2009-01-21 16:44:59 SPI Board Meeting Announcement: Wednesday, December 17th, 2008
Previous Message Joerg Jaspert 2009-01-21 09:06:48 Re: Meeting agenda bot, website, git, ssh