Risk management of having the git repo on internet #72
Replies: 10 comments
-
IMHO, one could use pull mirroring from GitHub to GitLab: the latter would pull from the former (the "canonical" repository) on a scheduled basis: https://docs.gitlab.com/ee/user/project/repository/mirror/pull.html
-
I forgot to say that with git everyone has a copy of the full repository, so the risk if someone deletes the repo is very low.
-
Is that also the case for all the GitHub management (issues, wiki...)?
-
As far as I know, the wikis are just (hidden) Git repositories and both platforms use the same format, hence synchronizing the wikis from GitHub to GitLab should be doable (scriptable) in a similar way to the main Git repository itself. However, for issues, pull requests / merge requests, CI/CD pipeline execution logs, I am not aware of any automatic way of doing this synchronization easily. It should be doable to have periodic "migrations" from GitHub to GitLab, by reimporting the GitHub repository to GitLab (https://docs.gitlab.com/ee/user/project/import/github.html). But, to my understanding, this is a manual action which requires set-up and preparation.
-
Don't forget the GitHub REST API. For a start we can easily write a Python script that writes all issues to a CSV file. It is already done on this repo. We can go further if needed (GitLab has a REST API too).
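An added example, not part of the original discussion and not the script already in the repository: a minimal issue export of the kind the comment above describes, built on the GitHub REST API issues endpoint. The `owner`/`repo` arguments, the column selection, the `safe` helper (which neutralizes spreadsheet formulas in user-controlled titles) and the sample data are assumptions made for illustration.

```python
import csv
import io
import json
import re
import urllib.request

FIELDS = ["number", "state", "title", "author", "labels", "created_at", "closed_at", "url"]

def next_page(link_header):
    """Return the rel="next" URL from a GitHub Link header, or None on the last page."""
    match = re.search(r'<([^>]+)>;\s*rel="next"', link_header or "")
    return match.group(1) if match else None

def fetch_issues(owner, repo, token=None):
    """Yield every issue, open and closed, following pagination (needs network access)."""
    url = f"https://api.github.com/repos/{owner}/{repo}/issues?state=all&per_page=100"
    headers = {"Accept": "application/vnd.github+json"}
    if token:  # a read-only token is enough for an export job
        headers["Authorization"] = f"Bearer {token}"
    while url:
        request = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(request, timeout=30) as response:
            yield from json.load(response)
            url = next_page(response.headers.get("Link"))

def safe(value):
    """Prefix cells a spreadsheet would evaluate as a formula; titles are user-controlled."""
    return re.sub(r"^(?=[=+\-@])", "'", str(value))

def issues_to_csv(issues):
    """Render issues as CSV text, skipping pull requests (the endpoint returns both)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS)
    for issue in (i for i in issues if "pull_request" not in i):
        labels = ";".join(label["name"] for label in issue.get("labels", []))
        author = (issue.get("user") or {}).get("login", "")
        row = [issue["number"], issue["state"], issue["title"], author, labels,
               issue["created_at"], issue.get("closed_at") or "", issue["html_url"]]
        writer.writerow([safe(cell) for cell in row])
    return out.getvalue()

SAMPLE = [  # constructed, in the API's response shape; not data from a real repository
    {"number": 1, "state": "open", "title": "=SUM(A1) in report", "user": {"login": "alice"},
     "labels": [{"name": "bug"}], "created_at": "2023-06-01T09:00:00Z", "closed_at": None,
     "html_url": "https://github.com/example-org/example-repo/issues/1"},
    {"number": 2, "state": "open", "title": "Fix typo", "pull_request": {}},
]
```

`issues_to_csv(fetch_issues(owner, repo, token))` exports a live repository, while `issues_to_csv(SAMPLE)` runs offline. Issue comments come from a separate endpoint and are not included here.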
-
I suggest that
-
We can enforce 2FA for the group KhiopsML but first we need everyone to configure it for their account. Note that this will be enforced by GitHub eventually. More details:
-
I agree about 2FA, I suggest activating that before September (= first release), giving all members the time to activate this on their account. We should use TOTP or secure keys (= passkeys), and not SMS... :)
-
For info, I have the GitHub mobile app (especially useful in the doctor's waiting room) and the 2FA is automatically activated with it.
-
How to manage the risk of having the git repo on the internet, if for example a malicious user cracks admin passwords and deletes the repo?