• lurch (he/him)
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    Yes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.

    • onlinepersona@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

      while true ; do
        head /dev/urandom -c 100MB > file.txt
        git add file.txt
        git commit -m "new commit"
        git push
      done
      

      and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

      And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

      It just doesn’t sound like a convincing solution, IMO.

      Anti Commercial-AI license

      • lurch (he/him)
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        no, it’s not specific to merge requests. theres a tool called git-shell that prevents abuse