search

alan-turing-institute / data-safe-haven

https://data-safe-haven.readthedocs.io
BSD 3-Clause "New" or "Revised" License
61 stars 15 forks source link

Gitea mirror policy #1998

Open JimMadge opened 4 months ago

JimMadge commented 4 months ago

Set out which tiers the Gitea mirror feature will be enabled for.

Is there an override in the config?

craddm commented 3 months ago

There is nothing about Gitea (or Hedgedoc for that matter) in the config as it stands.

What are we intending to do? We have an existing Gitea resource that is always deployed and that users can use to version control within an SRE.

Is it possible to configure that to allow the same Gitea resource to do read-only mirroring of external repos? Or do we need a separate Gitea instance to do that? If so do we then need to allow the sysadmin to independently switch off the separate Gitea instance, if they are separate, or to switch off the capability of the main Gitea instance to provide read-only mirroring?

Edit: never mind the above, I went back and reread the other relevant issue

When it comes to Tiering, clearly for Tier 1 Gitea should be allowed to mirror anything at all and it doesn't even need to be read-only.

If we mimic the policy for R/Python packages, then for Tier 2, read-only mirroring of any repo is allowed, while for Tier 3, it would be mirroring of approved repos only (perhaps then request/review would be required).