How do I push stuff to gitlab?
Mark Atwood
fallenpegasus at gmail.com
Thu Nov 19 05:46:40 UTC 2015
GitLab is open source. One can download it, dissect it, and figure out
how it works.
But yes, GitLab figures out who you are by your ssh key when you push.
It's not that weird, GitHub does the same thing. If the ACLs are set, you
can push to repos outside "your account", and GitHub figures out who you
are by which SSH key you use.
..m
On Wed, Nov 18, 2015 at 7:26 PM Eric S. Raymond <esr at thyrsus.com> wrote:
> Hal Murray <hmurray at megapathdsl.net>:
> > esr at thyrsus.com said:
> > > You gave GitLab an ssh public key; git uses your ssh private key. This
> > > allows you to be authenticated to GitLab. You're a member of the
> NTPsec
> > > project with the role "Developer", so you can push to any unprotected
> > > branch. The repository is not world-writable.
> >
> > That would make sense if GitLab knew who I was. Why am I me as compared
> to
> > you or somebody who doesn't even have an account?
> >
> > How does it translate my local login name to a GitLab name? A brute
> force
> > search of everybody with write access seems like a bad idea if there
> might be
> > a large project and I'm sure somebody will come up with one.
> >
> > The public key has a user at host at the end. I don't know if the private
> key
> > has something similar. Mine is encrypted. Assuming that gets to the
> wire,
> > then a hash table lookup would do it.
>
> The only identifying piece of info it has about you when you push is
> your ssh public key - git developer access works through an ssh
> tunnel. Therefore, it must be doing something like that brute-force
> check.
>
> You're right, it would be interesting to know more about how this works.
> --
> <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20151119/6c4aacc5/attachment.html>
More information about the devel
mailing list