• onlinepersona@programming.dev (English, 3 upvotes, 7 months ago)

    Not sure what you’re suggesting. Here… are you suggesting random write access to a port on a device you host? Anybody can push a branch to your self-hosted repo?

    Or are you talking about self-hosted forgejo, gitlab, etc.?

    Anti Commercial AI thingy

    CC BY-NC-SA 4.0

    Inserted with a keystroke running this script on linux with X11

    #!/usr/bin/env nix-shell
    #!nix-shell -i bash --packages xautomation xclip
    
    sleep 0.2
    (echo '::: spoiler Anti Commercial AI thingy
    [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
    
    Inserted with a keystroke running this script on linux with X11
    ```bash'
    cat "$0"
    echo '```
    :::') | xclip -selection clipboard
    xte "keydown Control_L" "key V" "keyup Control_L"
    
    
    • lurch (he/him) (1 upvote, 7 months ago)

      Yes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.

      • onlinepersona@programming.dev (English, 2 upvotes, 7 months ago)

        That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

        while true ; do
          head /dev/urandom -c 100MB > file.txt
          git add file.txt
          git commit -m "new commit"
          git push
        done
        

        and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

        And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

        It just doesn’t sound like a convincing solution, IMO.

        Anti Commercial-AI license

        • lurch (he/him) (1 upvote, 7 months ago)

          No, it’s not specific to merge requests. There’s a tool called git-shell that prevents abuse.
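
For the disk-filling concern raised in this thread, server-side limits on a publicly writable bare repository can look like the following. This is an added example, not posted by any participant; the function names `make_limited_repo` and `push_sample`, the limits and the paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Limits and paths are constructed values.

# make_limited_repo REPO MAX_PUSH_BYTES QUOTA_KB
# Create a bare repo that caps the size of each push and of the repo as a whole.
make_limited_repo() {
    repo=$1 max_bytes=$2 quota_kb=$3
    git init --quiet --bare "$repo" || return 1
    # receive-pack aborts once the incoming pack stream exceeds this many bytes.
    git -C "$repo" config receive.maxInputSize "$max_bytes"
    # Verify received objects; refuse history rewrites and branch deletion.
    git -C "$repo" config receive.fsckObjects true
    git -C "$repo" config receive.denyNonFastForwards true
    git -C "$repo" config receive.denyDeletes true
    mkdir -p "$repo/hooks"
    # The per-push cap does not stop many small pushes, so add a total quota.
    # Hooks run with the bare repo as cwd; incoming objects sit in a quarantine
    # directory under objects/ until this hook passes, so du counts them too.
    cat > "$repo/hooks/pre-receive" <<EOF
#!/bin/sh
cat > /dev/null   # drain the ref list git sends on stdin
used=\$(du -sk . | cut -f1)
if [ "\$used" -gt $quota_kb ]; then
    echo "rejected: repository over ${quota_kb} KB quota" >&2
    exit 1
fi
EOF
    chmod +x "$repo/hooks/pre-receive"
}

# push_sample REPO BYTES BRANCH
# Verification client: push one commit holding BYTES of random data.
push_sample() {
    work=$(mktemp -d) || return 1
    git init --quiet "$work"
    head -c "$2" /dev/urandom > "$work/sample.bin"
    git -C "$work" add sample.bin
    git -C "$work" -c user.name=t -c user.email=t@example.invalid \
        commit --quiet -m sample
    git -C "$work" push --quiet "$1" "HEAD:refs/heads/$3" 2>/dev/null
    status=$?
    rm -rf "$work"
    return "$status"
}
```

`push_sample` returns the exit status of `git push`, so a non-zero result means the server refused the data.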