Re: [Tails-project] [Brainstorm by Nov 27] Criteria for choo…

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: Public mailing list about the Tails project
題目: Re: [Tails-project] [Brainstorm by Nov 27] Criteria for choosing which GitLab we will use
Hi,

nodens:
> On 29/11/2019 20:14, intrigeri wrote:
>> nodens:
>>> - can we use the backup features for migrating elsewhere if needed? Or
>>> are those restricted?
>>
>> AFAIK the project import/export feature¹ is always available. Do you
>> have indications that it can be restricted?
>>
>> [1] https://docs.gitlab.com/ee/user/project/settings/import_export.html


> I meant it has to be tested to ensure it works sufficiently well for our
> needs.


Heard. The good news is, we tested project import/export already
(that's how the PoC I've later pointed you folks to was set up), and
it seems to work OK :)

> I don't have any precise memory of which proiblem I encountered,
> but I remember I had some (while trying to restore stuff while trying to
> recover from disaster). It was mainly permissions issues on subprojects
> etc on a complex authorization scheme, and it was on an old version, so
> it might be totally irrelevant here. And it might also have been due to
> local specific changes.


My understanding is that this is out of scope of *project*
import/export, but in scope for full instance backup/restore.

> I have no experience with it recently, and the documentation you're
> linking to is indicating it shouldn't be an issue in our use case: we
> can probably just recreate users/groups as needed, if we need to migrate
> for any reason - there isn't dozens of teams with people in multiple
> teans and complex AAA requirement, from what I understand of our usage
> of git and surrounding stuff.


> In our case, either you have access or you don't. possibly you can only
> read and not push. My issues where stuff like "this team should be able
> to clone and submit PR, view all history, but also directly push stuff
> to this and this branch on a handful of projects in this namespace and
> not be able to view the others".


I'm not sure yet how complex our setup will need to be. My hunch says
it'll be somewhere between the 2 examples (simplistic vs. über-complex)
you're describing.

So I'm not sure how much work "we can probably just recreate
users/groups as needed" would require in practice: I suspect it'll be
doable but non-trivial, unless we have access to GitLab
instance -level backups (which we likely won't have if we use a shared
GitLab instance). I've added this criterion to the comparison.

Thanks!

Cheers,
--
intrigeri