How do I push stuff to gitlab?
Eric S. Raymond
esr at thyrsus.com
Thu Nov 19 03:26:43 UTC 2015
Hal Murray <hmurray at megapathdsl.net>:
> esr at thyrsus.com said:
> > You gave GitLab an ssh public key; git uses your ssh private key. This
> > allows you to be authenticated to GitLab. You're a member of the NTPsec
> > project with the role "Developer", so you can push to any unprotected
> > branch. The repository is not world-writable.
>
> That would make sense if GitLab knew who I was. Why am I me as compared to
> you or somebody who doesn't even have an account?
>
> How does it translate my local login name to a GitLab name? A brute force
> search of everybody with write access seems like a bad idea if there might be
> a large project and I'm sure somebody will come up with one.
>
> The public key has a user at host at the end. I don't know if the private key
> has something similar. Mine is encrypted. Assuming that gets to the wire,
> then a hash table lookup would do it.
The only identifying piece of info it has about you when you push is
your ssh public key - git developer access works through an ssh
tunnel. Therefore, it must be doing something like that brute-force
check.
You're right, it would be interesting to know more about how this works.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the devel
mailing list