Github is Not Open Source | Juliette — I write
listed.to
Github is Not Open Source | Juliette — I write
  • @lurch
    23 months ago

    no, you can accept them on an open port or via CLI

    • @[email protected]English
      33 months ago

      Not sure what you’re suggesting. Here… are you suggesting random write access to a port on a device you host? Anybody can push a branch to your selfhosted repo?

      Or are you talking about self-hosted forgejo, gitlab, etc.?

      Anti Commercial AI thingy

      CC BY-NC-SA 4.0

      Inserted with a keystroke running this script on linux with X11

      #!/usr/bin/env nix-shell
#!nix-shell -i bash --packages xautomation xclip

sleep 0.2
(echo '::: spoiler Anti Commercial AI thingy
[CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)

Inserted with a keystroke running this script on linux with X11
```bash'
cat "$0"
echo '```
:::') | xclip -selection clipboard
xte "keydown Control_L" "key V" "keyup Control_L"
      • @lurch
        13 months ago

        Yes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.

        • @[email protected]English
          23 months ago

          That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

          while true ; do
  head /dev/urandom -c 100MB > file.txt
  git add file.txt
  git commit -m "new commit"
  git push
done

          and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

          And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

          It just doesn’t sound like a convincing solution, IMO.

          Anti Commercial-AI license

          • @lurch
            13 months ago

            no, it’s not specific to merge requests. theres a tool called git-shell that prevents abuse