On Tue, 2008-12-09 at 09:56 +0100, Thomas Koch wrote: > Sorry for the shameless subject, but I presented gitosis yesterday to > our sysadmin and he wasn't much delighted to learn, that write access to > repositories hosted with gitosis would need SSH access. Accounts set up with keys for Gitosis are given restricted accounts (from my understanding similar to how CVS or SVN operate over SSH tunnels). The sysadmins here at Slide also had similar frustrations/concerns about using Gitosis, but we were able to convince them that keys were a far better solution than keyboard-interactive login sessions over HTTPS for Subversion. We're using gitosis with plenty of developers (coming up on 50) and haven't had any issues with security (yet, crossed fingers). We even have some accounts that are able to read but not write, i.e. they can clone and pull, but not push back up to the central repository. YMMV. > > So could you help me out in this discussion, whether to use or not to > use gitosis? > Our admin would prefer to not open SSH at all outside our LAN, but > developers would need to have write access also outside the office. I recommend using VPN if the need to push/pull while outside of the office (more fun solutions include SSH gateways that tunnel outside to inside). Otherwise, why could they not simply commit locally, etc, and then when they come into the office push/pull? Cheers -- -R. Tyler Ballance Slide, Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part
