Re: [Opinion gathering] Git remote whitelist/blacklist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 24 May 2016, at 12:16, Randall S. Becker <rsbecker@xxxxxxxxxxxxx> wrote:
> 
> On May 24, 2016 12:08 PM, Matthieu Moy wrote:
>>> So, when trying a forbidden push, Git would deny it and the only way
>>> to force the push would be to remove the blacklist from the config, right?
>>> 
>>> Probably the sanest way to go. I thought about adding a "git push
>>> --force-even-if-in-blacklist" or so, but I don't think the feature
>>> deserves one specific option (hence add some noise in `git push -h`).
>> 
>> Yeah, I agree --even-if-in-blacklist is a road to madness, but I wonder how
>> this is different from setting pushURL to /dev/null or something illegal and
>> replace that phony configuration value when you really need to push?
> 
> May be missing the point, but isn't the original intent to provide policy-based to control the push destinations? A sufficiently knowledgeable person, being a couple of weeks into git, would easily see that the config points to a black-listed destination and easily bypass it with a config update, rendering all this pointless? This seems to me to be a lot of effort to go to for limited value - unless immutable attributes are going to be obtained from the upstream repository - which also seems to run counter to the whole point.

An actor with a bad intent will *always* be able to bypass this. However, I see two use cases:

(1) Accidental pushes. 
An inexpierenced developer clones a repo from github.com, commits for whatever reason company code and pushes. At this point the code leaked. The blacklist feature could have warned/stopped the developer.

(2) Intentional open source pushes.
At my day job we encourage people to contribute to open source. However, we want them to follow our open source contribution process. If they run "git push" on a new github.com repo then I want to interrupt the push and tell them to look at our contribution guidelines. Afterwards they could whitelist the repo on their local machine and push without trouble.

In summary I think the feature could be a safety net for the developer to not leak company code.

Cheers,
Lars--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]