• onlinepersona
    7 months ago

    Not sure what you’re suggesting. Here… are you suggesting random write access to a port on a device you host? Anybody can push a branch to your selfhosted repo?

    Or are you talking about self-hosted forgejo, gitlab, etc.?

    Anti Commercial AI thingy

    CC BY-NC-SA 4.0

    Inserted with a keystroke running this script on linux with X11

    #!/usr/bin/env nix-shell
    #!nix-shell -i bash --packages xautomation xclip
    
    sleep 0.2
    (echo '::: spoiler Anti Commercial AI thingy
    [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
    
    Inserted with a keystroke running this script on linux with X11
    ```bash'
    cat "$0"
    echo '```
    :::') | xclip -selection clipboard
    xte "keydown Control_L" "key V" "keyup Control_L"
    
    
      • onlinepersona
        7 months ago

        That’s not a pull request, but a merge request. Besides the point though. What I’m getting at is: isn’t that asking for trouble? Somebody could

        while true ; do
          head /dev/urandom -c 100MB > file.txt
          git add file.txt
          git commit -m "new commit"
          git push
        done
        

        and fill up your hard drive. Also, depending on the protocol, they could try fuzzing it. Or, pipe /dev/urandom into nc and blast your git port.

        And of course, the first problem is discoverability. Who’s going to find your random, unfederated, git service?

        It just doesn’t sound like a convincing solution, IMO.

        Anti Commercial-AI license
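
On the disk-filling concern raised in the comment above, a server-side `pre-receive` hook can refuse oversized pushes before any ref is updated. This is an added example, not code from the thread or from any forge; the two byte caps and the function names `check_sizes`, `new_objects` and `run_hook` are assumptions.

```shell
#!/usr/bin/env bash
# pre-receive hook sketch: cap what a single push may add to the repository.
MAX_BLOB_BYTES=$((10 * 1024 * 1024))   # assumed per-file cap (10 MiB)
MAX_PUSH_BYTES=$((50 * 1024 * 1024))   # assumed per-push cap (50 MiB)

# Reads "<type> <size> <path>" lines on stdin. Prints a reason and returns 1
# as soon as one blob, or the running total of blobs, exceeds its cap.
check_sizes() {
  local type size path total
  total=0
  while read -r type size path; do
    [ "$type" = blob ] || continue
    if [ "$size" -gt "$MAX_BLOB_BYTES" ]; then
      echo "rejected: ${path:-unnamed blob} is $size bytes (cap $MAX_BLOB_BYTES)"
      return 1
    fi
    total=$((total + size))
    if [ "$total" -gt "$MAX_PUSH_BYTES" ]; then
      echo "rejected: push adds $total bytes or more (cap $MAX_PUSH_BYTES)"
      return 1
    fi
  done
  return 0
}

# Lists type, size and path of objects reachable from the given commits that
# no existing ref reaches yet (refs are not updated while pre-receive runs).
new_objects() {
  git rev-list --objects "$@" --not --all |
    git cat-file --batch-check='%(objecttype) %(objectsize) %(rest)'
}

# git passes one "<old> <new> <ref>" line per pushed ref on stdin.
run_hook() {
  local old new ref tips
  tips=
  while read -r old new ref; do
    case "$new" in *[!0]*) tips="$tips $new" ;; esac   # skip all-zero ids (deletions)
  done
  [ -n "$tips" ] || return 0
  new_objects $tips | check_sizes >&2   # unquoted on purpose: one arg per tip
}

# Run only when installed as hooks/pre-receive, so the file can be sourced.
case "${0##*/}" in pre-receive) run_hook ;; esac
```

The caps bound each push, not the repository's total growth, so a filesystem or per-user quota is still needed against repeated pushes; git's `receive.maxInputSize` setting additionally limits the incoming pack before the hook runs.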