Monday 02 Nov 2015 09:29:48, Duncan wrote :
> Patrice Clement posted on Mon, 02 Nov 2015 09:33:49 +0100 as excerpted:
> > [gerrit]
> > 
> > Anyway, just my 2 cents on the topic. Have a look and you'll see in
> > terms of features, I think it's on a par with Github. And it's open
> > source. ;)
> FWIW from previous gerrit suggestions...
> The problem there is ... java, along with the maintenance and security 
> issues it brings when run on a publicly accessible server where java is 
> otherwise unnecessary.  (IIRC, at least one infra person said it's a hard 
> no on java running on gentoo infra, period, as it simply cannot be done 
> correctly and safely with the resources available.  Tho I'm not 100% sure 
> IRC on that one.)
> #2 problem, as with several code-review products, is the security issue 
> of the huge stack of code (regardless of language) on a web server, with 
> direct single-user write access to the tree.  If it were a different user 
> for each dev account so unconditional write access wasn't a monolithic 
> grant...
> Now if a one-way repo sync is done to the tree gerrit accesses from 
> gentoo-master, not reversed, sandboxing the tree gerrit has access too, 
> the problem is lessened to some degree, but of course that dramatically 
> lessens the usefulness as well, since the reviewed code must then be 
> checked back into the main tree manually.
> Which would seem to be one potential positive for phabricator, since at 
> least from the bit here in-thread, it appears to be review-only, no 
> direct commit access, thereby eliminating at least that security threat.
> -- 
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman

By reading your answer, I'm not sure if it is clear or obvious for most users 
the workflow between the Gentoo infra <-> Github infra functions so maybe we
should explain it one more time:

1) Gentoo developers receive notifications (emails) from Github that somebody's
  sent a PR and would like to merge it into the main repo
2) They go over to and checkout the PR
3a) Sometimes (often), the PR has tons of errors and doesn't respect our coding
  standards and suddenly, we get a zillion notifications that mgorny and
  hasufell are peer-reviewing the PR ;)
3b) Sometimes the PR is spot on, the ebuild(s) submitted is (are) flawless, we
  merge it.
4) How do we merge it? We do *NOT* make use of the "Merge" button Github offers
(and never will). Why? Changes would get lost in the wind if we did so, since
the repository sitting on the Github infra is merely a mirror. Instead, we pull
each PR into our own local copy of the Gentoo git repository hosted at and then merge them. 

See: and

Think of Github as a nice and fancy UI to bridge the gap between developers and
those allergic to a console and used to a browser.

Now, with this explanation out of the way, I'm not sure what you mean by the
"security threat" issue you've brought up your email. 

Gerrit is a code-review web platform that CAN allow commits to be merged, but
this privilege has to be granted to specific users (like Github). It is really
up to us and how infra want to manage merging. It doesn't make Gerrit less or
more secure IMHO. This is a biased argument.

Patrice Clement
Gentoo Linux developer

Reply via email to