Hey.
Okay upstream has changed his opinion again an no longer wants to
provide hardening hints to gitolite users in general.
So attached is a text based version based on the latest version I've
presented upstream using the default Debian gitolite3 username.
Please include to within
Hey.
It seems upstream will include[0] my hardening hints in the form of
markdown file[1] (which has also some spelling corrections compared to
the one uploaded here) in the contrib section in the next version.
So perhaps wait a bit with that,... and eventually just include a
pointer to the
Package: gitolite3
Version: 3.6.1-3
Severity: wishlist
Tags: patch
Hi.
I spent some time in thinking how one can ideally harden the git user
fromt he SSH side (i.e. rather independently of gitolite3).
I've posted my ideas upstream
Perhaps placing an emphasis on this:
As of now, there is at least on my server a bug when PermitOpen is set
to none:
https://bugzilla.mindrot.org/show_bug.cgi?id=2355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778807
Which is why the attached config snippet has this disabled for the
4 matches
Mail list logo