Skip site navigation (1) Skip section navigation (2)

Re: Git Repository for WITH RECURSIVE and others

From: David Fetter <david(at)fetter(dot)org>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Git Repository for WITH RECURSIVE and others
Date: 2008-06-30 14:23:27
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Mon, Jun 30, 2008 at 01:50:26PM +0200, Magnus Hagander wrote:
> David Fetter wrote:
> > It *would* be good, if the author seemed even vaguely interested
> > in packaging up so much as a tarball, but he is not.  His attitude
> > is (paraphrasing from conversations with him the past few days),
> > "it's good enough as a git repository, and everybody who's using
> > it is a git administrator, so they should know how to wrangle git
> > repositories." While he may someday outgrow this, we really should
> > not put him and his attitude in critical paths for our project.
> > 
> > Let's go with git-shell, which is supported and packaged software
> > on just about every platform, and stop waiting for Godot^Wgitosis.
> I'm not sure I agree that this is a big problem, but sure, we should
> at least consider git-shell.

Please explain your reasoning here.  The project has taken nasty hits
on its infrastructure already (pgfoundry) because the author of the
software had a go-it-alone, I-know-best attitude that sooner than
later forced us to fork.  As a direct consequence, pgfoundry now needs
a redo that will take a pgfoundry administrator many of work in their
"ample spare time."

Let's not cause more pinch points here.

> Is there any product out there that makes it possible to admin a
> git-shell based system without having all the admins being root on
> the server?  Because that's simply not an option if you want
> anything remotely scalable.

I don't know what you mean by "remotely scalable," but it's clearly
not the same definition I have.  A sudo wrapper which only allows
creation, editing and deletion of accounts restricted to git-shell
will scale just fine.

> > Here's an even simpler implementation: git-ssh and public keys.  Yes,
> > it involves work by administrators, which I'd be delighted to do.
> Are you referring to git-shell, or is this a different product? If so,
> reference to said product, please?


> I certainly don't mind having the work pushed off to an admin team.
> But it has to be automated enough that there is no risk that
> different people set it up differently.


> And it must not require root.

This is what sudo is built to do :)

> Show me such a solution, and I'll be happy to consider it :-)

1. Create a (set of) program(s) which does exactly the following things:

    * Create an account with git-ssh as its shell.
    * Manipulate the contact information, ssh keys and groups of said account.
    * Delete the account.

2. Create a unix group and corresponding sudo role that accesses the above.

3. Create shell accounts as needed with the above group.  Yes, that's
a root-only task, but it's a short one.

I believe that the above takes care of 90% or more of tasks.  If it
turns out that we need to automate more, we can add that
(semi)automation to the capabilities above :)

David Fetter <david(at)fetter(dot)org>
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres:

In response to


pgsql-hackers by date

Next:From: Andrew SullivanDate: 2008-06-30 14:29:24
Subject: Re: A new take on the foot-gun meme
Previous:From: Alvaro HerreraDate: 2008-06-30 14:11:12
Subject: Re: GIT repo broken

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group