[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [O] Why no secure code retrieval

From: Bastien Guerry
Subject: Re: [O] Why no secure code retrieval
Date: Sat, 02 Jul 2016 16:18:42 +0200
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.0.94 (gnu/linux)

Hi Nicolas,

Nicolas Goaziou <address@hidden> writes:

> GPG signing tags is OK, but I wouldn't like to request every commit to
> be signed.


>>> I know that https can be a bit tedious to setup so I am not asking for it
>>> (though I do think it would be great if it was enabled on the site in some
>>> fashion).
>> HTTPS is not so tedious these days with Let's Encrypt.
>> https://letsencrypt.org/
>> We should set up HTTPS as well.
> It would be nice, indeed. I'm Cc'ing Bastien for his opinion on the
> matter, and a possible step forward.

I discussed possible server enhancements with Robert Klein a few
months ago.

I'm considering paying for a digitalocean instance, with https via
letsencrypt for both the website and git.

I'm also considering switching from our current git setup to using
Gogs (https://gogs.io): this would ease the process of adding new
contributors, welcoming more org repositories, etc.

The other solution would simply to use https://savannah.gnu.org.

One remaining problem for both gogs and savannah is to ensure web
references to commits are correctly redirected, which I think is
one line of nginx configuration.

I'm curious to know what people think about the switch to something
like gogs*.


* gitlab seems too heavy, and I'm more experienced in maintaining
  gogs instances than gitlab instances.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]