[Standards] Evaluating gitlab.com as new location for XEP Editor repositories (xeps+registar)

Waqas Hussain waqas20 at gmail.com
Sun Jun 21 14:36:56 UTC 2020

On Sun, Jun 21, 2020 at 10:34 AM Waqas Hussain <waqas20 at gmail.com> wrote:

> On Tue, Jun 16, 2020 at 1:13 PM Jonas Schäfer <jonas at wielicki.name> wrote:
>> > Alternatively, if we do still want to use Docker, why not just use
>> > whatever GitHub's CI is or one of the many CI solutions that can work
>> > with GitHub without setting up lots of new infrastructure, repos,
>> > syncing, etc? (ie. Travis, Circle CI, Drone, etc. there are tons of them
>> > and many of them are free but also designed to work with GitHub)
>> Due to the messed up permission model of GitHub, all of them (I can’t
>> test
>> travis because I signed up with them a long time ago, Circle CI does,
>> GitLab
>> CI for GitHub does, Docker Hub does for newly added repositories; Drone
>> seems
>> to require infrastructure we don’t have or want to maintain on the iteam
>> side)
>> seem to require full write access to all repositories whichever account
>> is
>> used to set them up has access to or will ever have access to, public and
>> private.
> I'd second what Sam suggested elsewhere in the thread. If the main issue
> is Github's permission model (due to us using personal human accounts for
> doing CI auth), we should use Github's recommended alternatives: machine
> users is what they've recommended prior to Github Actions.
> See
> https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users
> With my security hat on, using human accounts for CI is an anti-pattern.
> You /want/ a machine CI user, even if human accounts would work perfectly.
> This helps fully compartmentalize CI, limits blast radius when incidents
> happen, is easier when humans eventually leave the org.
> If Github Actions work for our use-cases, that might be ideal though. It's
> more managed, which I'd expect to translate to less burden on iteam, and
> allow easier contribution by folks not on iteam.
> I'm on the side of keeping issues and PRs on Github, that's where the
> users are. Asking every contributor to create a Gitlab account seems
> unfortunate, when practically every contributor already has a Github
> account.
> I do appreciate the idea of supporting account-less contributions (that
> Zash called out), and the historical channel for that has been the mailing
> list. So that seems covered in any case.
> Thanks,
> Waqas
Oh, and I wanted to add: thanks for working on this Jonas, and everyone
else on iteam. Regardless of where we land, I'm sure we all appreciate the
effort being put in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200621/b4280e5f/attachment.html>

More information about the Standards mailing list