Re: [GNUnet-developers] Discussion, and Help Wanted: Moving to Gitlab for Git, CI, and Issues

[wldhx]

> So instead of "hey, signup and we give you access", what about the
> addition of LDAP?
> https://docs.gitlab.com/ee/administration/auth/how_to_configure_ldap_gitlab_ce/

Is there additional benefit to LDAP as compared to standard GL ACL [0]?
Note only some roles have "add members" privilege.

I had had experience with them being somewhat rigid (you sometimes want
a specific set of privileges which none of the built-in roles covers),
but we should probably be fine.

>> So here's a problem I see with this as it is right now:
>> I'm a git admin. Before I give people a certain kind of access, be
>> it for one repo only, a range of repos or the group 'gnunet', I
>> have a sort of checklist. Can I digitally verify to some extent that the
>> key sent to me matches the person? Do we have a CAA signature? etc.
>> Now I see already one name as 'Owner' in the gnunet group who, to
>> my knowledge, has never signed anything. Correct me if I'm wrong
>> about ic.rbow.

ic.rbow has indeed not signed CAA yet. I asked them to now. In my
defense, I added them when gitlab.gnunet.org was a mere experiment :)

>> We can only trust each other.
>> Since we have this CAA in place, we need more than trust, we need
>> some guidelines when someone is added to which permission level
>> in gitlab.
>> Previously the communication about what happened, which steps
>> were followed and that there is a new committer, were betwee
>> 1 or 2 people involved in administration. Now potentially everyone
>> can do this, which is either bad or good, so at the very least
>> we need to communicate about new rights given.

+1 for guidelines, +1 for communication, but maybe not that much changes
due to GL ACL.

[0]: https://gitlab.com/help/user/permissions.md

signature.asc
Description: OpenPGP digital signature