... | ... | @@ -27,7 +27,7 @@ the noise down. If you're not sure if you need a top-level repository then |
|
|
perhaps request a user repository first, and use that until you know you need
|
|
|
a top-level repository.
|
|
|
|
|
|
Some projects, for example pluggable-transports, have a path hierachy for their
|
|
|
Some projects, for example pluggable-transports, have a path hierarchy for their
|
|
|
repositories. This should be encouraged to help keep this organised.
|
|
|
|
|
|
A request for a new top-level repository should include: the users that should
|
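Review bot: the spelling fix ("hierachy" to "hierarchy") is correct, but the following sentence in this hunk, "This should be encouraged to help keep this organised.", has an ambiguous "this"; suggest "Such a hierarchy should be encouraged to help keep the repository namespace organised." so the guidance reads unambiguously in the rendered page.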
... | ... | @@ -613,7 +613,7 @@ broader attack surface GitLab provides, compared to the legacy, |
|
|
web application basically has write access to everything.
|
|
|
|
|
|
Of course, GitLab is larger, and if there's an unauthenticated attack
|
|
|
against GitLab, that could compromise our respositories. And there is
|
|
|
against GitLab, that could compromise our repositories. And there is
|
|
|
a stead flow of new [vulnerabilities in GitLab](https://www.cvedetails.com/vulnerability-list/vendor_id-13074/Gitlab.html) ([sorted by
|
|
|
priority](https://www.cvedetails.com/vulnerability-list.php?vendor_id=13074&product_id=&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=178&sha=fe38ca18c40b857201e9ae9283dea03b71b724f0)), including remote code execution. And although none of
|
|
|
those provide *unauthenticated* code execution, our anonymous portal
|
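Review bot: this hunk fixes "respositories" but leaves an adjacent typo in the same paragraph, "a stead flow of new vulnerabilities"; suggest "a steady flow". Two further points while this paragraph is being touched: the "sorted by priority" link embeds a snapshot query (`trc=178&sha=...`) that will go stale as the CVE count changes, so a plain vendor-page link would be more durable; and the claim that none of the listed issues provide *unauthenticated* code execution is only true as of the time of writing, so it should carry a date (or "as of ...") so readers can tell when it was last checked.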
... | ... | |