-
-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to set custom trusted clone plugins #4352
Conversation
Deployment of preview was torn down |
How is that different to |
You can now set it per repo as well. |
did not checked the code jet - but ony an instance admin should be able to change it |
one question (idea) that comes into my mind: why not add the config into TrustedConfiguration ? |
Repeating it doesnt help. Can we keep the discussion in the issue? You never responded to #2601 (comment) |
Why the instance admin? This is about per-repo/per-user credentials, so the repo admins should decide how they are used. |
Co-authored-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
on public instances like e.g. codeberg:
|
But this would need a private repo then. And if the repo is private you can not easily convince people to contribute to exfiltrate their netrc credentials. |
limited repos are enouth ... |
What are limited repos? Netrc credentials are only required for cloning private repos and at least for gh there is only private/public. |
Limited -> logged-in users only How about adding a global option which allows changing |
Ok this only applies to gitea/forgejo then? Global option to toggle it sounds good to me. |
I still don't get why. Cloning should always happen with the credentials from the "repo-user", i.e. the user that activeated the repo. If you now have a malicious repo and somebody creates a PR to this, how can this expose credentials except the repo-user ones? |
I think so as well. The person activating a repo (or repairing later on) will be used for cloning. You could only try to ask someone to create an org repo for you and then steal those credentials (which is possible already). |
Is this currently really the case already? I thought cloning is done by the user who made the commit. |
That's actually impossible because wp can't have the credentials if the user who opens a pr is not registered at the wp instance (for example any non-maintainer on our repos). |
Makes sense. Hence, all security concerns don't apply? |
Not necessary to ask. There could be a couple of repo admins in the org. One admin adds a repo, another adds a custom image and steals the creds of the first one. But this is matter of trust between the admins of an org. It's unlikely that they would do this in their right minds.
How?
There is crons also. This magic should be in the docs (#4232). Seems, Bitbucket Datacenter works differently in regard of cloning. |
uh nice - that's one of the things I was going to have to lookup :) in this case I'm ok with as is :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine for you given the discussion above.
Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com>
for more information, see https://pre-commit.ci
closes #2601