@@ -27,7 +27,7 @@ the noise down. If you're not sure if you need a top-level repository then
perhaps request a user repository first, and use that until you know you need
a top-level repository.
Some projects, for example pluggable-transports, have a path hierachy for their
Some projects, for example pluggable-transports, have a path hierarchy for their
repositories. This should be encouraged to help keep this organised.
A request for a new top-level repository should include: the users that should
...
...
@@ -613,7 +613,7 @@ broader attack surface GitLab provides, compared to the legacy,
web application basically has write access to everything.
Of course, GitLab is larger, and if there's an unauthenticated attack
against GitLab, that could compromise our respositories. And there is
against GitLab, that could compromise our repositories. And there is
a stead flow of new [vulnerabilities in GitLab](https://www.cvedetails.com/vulnerability-list/vendor_id-13074/Gitlab.html)([sorted by
priority](https://www.cvedetails.com/vulnerability-list.php?vendor_id=13074&product_id=&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=178&sha=fe38ca18c40b857201e9ae9283dea03b71b724f0)), including remote code execution. And although none of
those provide *unauthenticated* code execution, our anonymous portal
