juliette@pawb.social to Technology@lemmy.ml · 9 months agoGitHub Is Not Open Source, A Rantlisted.toexternal-linkmessage-square92fedilinkarrow-up1168arrow-down145
arrow-up1123arrow-down1external-linkGitHub Is Not Open Source, A Rantlisted.tojuliette@pawb.social to Technology@lemmy.ml · 9 months agomessage-square92fedilink
minus-squarelurch (he/him)linkfedilinkarrow-up1·9 months agoYes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.
minus-squareonlinepersona@programming.devlinkfedilinkEnglisharrow-up2·9 months agoThat’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could while true ; do head /dev/urandom -c 100MB > file.txt git add file.txt git commit -m "new commit" git push done and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port. And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service? It just doesn’t sound like a convincing solution, IMO. Anti Commercial-AI license
minus-squarelurch (he/him)linkfedilinkarrow-up1·9 months agono, it’s not specific to merge requests. theres a tool called git-shell that prevents abuse
Yes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.
That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could
and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe
/dev/urandom
intonc
and blast your git port.And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?
It just doesn’t sound like a convincing solution, IMO.
Anti Commercial-AI license
no, it’s not specific to merge requests. theres a tool called git-shell that prevents abuse