• onlinepersona@programming.dev
      7 months ago

      Not sure what you’re suggesting. Here… are you suggesting random write access to a port on a device you host? Anybody can push a branch to your selfhosted repo?

      Or are you talking about self-hosted forgejo, gitlab, etc.?

      Anti Commercial AI thingy

      CC BY-NC-SA 4.0

      Inserted with a keystroke running this script on linux with X11

      #!/usr/bin/env nix-shell
      #!nix-shell -i bash --packages xautomation xclip
      
      sleep 0.2
      (echo '::: spoiler Anti Commercial AI thingy
      [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
      
      Inserted with a keystroke running this script on linux with X11
      ```bash'
      cat "$0"
      echo '```
      :::') | xclip -selection clipboard
      xte "keydown Control_L" "key V" "keyup Control_L"
      
      
      • lurch (he/him)
        7 months ago

        Yes, if you want to accept pull requests from anyone, you can set up a jailed git server with public access, for example.

        • onlinepersona@programming.dev
          7 months ago

          That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

          while true ; do
            head /dev/urandom -c 100MB > file.txt
            git add file.txt
            git commit -m "new commit"
            git push
          done
          

          and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

          And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

          It just doesn’t sound like a convincing solution, IMO.

          Anti Commercial-AI license

          • lurch (he/him)
            7 months ago

            No, it’s not specific to merge requests. There’s a tool called git-shell that prevents abuse.
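
Added example, not part of any comment in this thread: a server-side `pre-receive` hook for a publicly writable bare repository that rejects pushes like the 100MB-per-commit loop quoted above. The byte limits and the function names `check_push_sizes` and `main` are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: install as hooks/pre-receive in the bare repository.
# Limits are assumed values (uncompressed object sizes); tune them for your disk.
MAX_BLOB_BYTES=${MAX_BLOB_BYTES:-5000000}     # largest single file accepted
MAX_REF_BYTES=${MAX_REF_BYTES:-20000000}      # new object bytes per updated ref

# Reads "<oid> <type> <size>" lines (git cat-file --batch-check output) on stdin.
# Prints a reason and returns 1 if a blob or the running total exceeds its limit.
check_push_sizes() {
  local max_blob=$1 max_total=$2 total=0 oid type size
  while read -r oid type size; do
    [ -n "$size" ] || continue                 # "<oid> missing" has no size field
    case $size in *[!0-9]*) continue ;; esac   # ignore malformed lines
    if [ "$type" = blob ] && [ "$size" -gt "$max_blob" ]; then
      echo "rejected: blob $oid is $size bytes (limit $max_blob)"
      return 1
    fi
    total=$((total + size))
    if [ "$total" -gt "$max_total" ]; then
      echo "rejected: push adds more than $max_total bytes"
      return 1
    fi
  done
  return 0
}

# Hook entry point: git writes "<old> <new> <ref>" per updated ref to stdin.
main() {
  local old new ref
  while read -r old new ref; do
    case $new in *[!0]*) ;; *) continue ;; esac   # all-zero oid: ref deletion
    # Measure only objects that no existing ref already reaches.
    git rev-list --objects "$new" --not --all </dev/null | cut -d' ' -f1 |
      git cat-file --batch-check |
      check_push_sizes "$MAX_BLOB_BYTES" "$MAX_REF_BYTES" >&2 || exit 1
  done
}

# Run the hook only when git invokes this file under its hook name.
case ${0##*/} in pre-receive) main ;; esac
```

Setting `git config receive.maxInputSize <bytes>` on the server additionally aborts an oversized pack while it is still being transferred. Neither control caps the cumulative size of many small pushes, which needs a filesystem or per-account quota.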