-1

We don't have this requirement yet, but one question that has been brought up is protection of git repositories if necessary. Today, we have one CB "account" which all our users are part of, thus they all have access to every git repository in that account. Is the recommended action for this permissions requirement to setup a separate account for that git repository? We can have a user/email address associated with multiple accounts, correct? Or would the user also need an entirely different CloudBees login for each account?

Neil
  • 2,524
  • 2
  • 22
  • 30

2 Answers2

0

you don't have enough specifics in your question(s) for a good answer.

are you hosting this yourself? or somewhere else (e.g. github)? is this a company dev team on open source free for all?

personally my company uses github. we have a business account that creates and owns all the repositories. all our devs have their own accounts. and each account is granted access to a repository on a per-need basis.

on to protection.

are you taking about code protection in the wild? or from your own devs? if your talking about deploying via git, it's trivial to setup your server to not actively serve /.git/ directories (this can be done via .htaccess).

if your talking about protection from your own developers that's another story. the per-user access rights i already spoke about cover that to a certain extent. beyond that "protecting" the code from being hacked and destroyed is also pretty trivial. recently kernel.org was hacked, but they couldn't destroy the code since it was tracked by git. git uses cryptographically secure SHA-1 hashes for everything it tracks: trees, blobs, commit ids, etc. if anything is changed in your repos all the sha's for subsequent commits will change. all your devs will have a local clone of the repo with the full history, so even if the centeralized repo is destroyed it could be replaced by any of the local clones.

xero
  • 4,077
  • 22
  • 39
0

The CloudBees Forge Git repositories do not currently support fine-grained permissions or ACLs

We do have this on our roadmap (e.g. to support groups and roles, and permissions per group/role), however have no fixed delivery date has been set.

Ben Walding
  • 4,006
  • 2
  • 30
  • 28