xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
<root> / TODO (e7d7c91e97afd0747380465355feda21a5ff8b51) (53KiB) (mode 100644) [raw]
== Where I stopped last time ==
[ ] Add "Spread the word!" on website.

[ ] Run unit testing.
[ ] SPF? The mail ends up in spam!
[ ] Upload kvm image to downloads.rocketgit.com. Sign it? sha256 it?
[ ] Release virtual machine.
[ ] https access before first launch?
[ ] 

== BEFORE NEXT RELEASE ==
[ ] Add uid to events so we can delete old events for tests or abusing users?
[ ] Should we just set no password somehow for ssh access to be able to signal
	the user that has no key uploaded?
[ ] When getting another IP, allow ssh on port 443(https)?
[ ] Investigate --decorate/--word-diff for git log.
[ ] client_win.html hint is not used.
[ ] merge.html hint is not used.
[ ] On create repo form if somebody puts a space, the message does not tell
	what chars are invalid/permitted (reported by Ionut).
[ ] Avoid last two err- files at install time. Check if table state exists?
	And cache this info?
[ ] Security: links + XSS (Ionut)
[ ] I am able to disable merge/pull requests? Anon yes, but the other ones?
[ ] report1: add disk space
[ ] Compress logs (when we are short in disk space)?
[ ] nofollow
[ ] Check other filesystems: nils2 etc for virtual machine.
[ ] Add right 'allow bad commit messages'.
[ ] Add a new section in 'Rights' to enforce a regex on the commit message.
[ ] Merge requests are not ok - still using files.
	But, we also insert entries in database!
[ ] Need to add comments for merge request. Find a way to propagate them in the
	git repo?
[ ] Implement 'clone' because it is easy. The mrs will be a little bit harder.
[ ] Because I show the merge request id, somebody can change the commits.
	Somehow, it should be locked?
[ ] Maybe we should not allow bug creation as anonymous?
	How will the anonymous person edit it? A cookie?
[ ] When a user pushes something, give them some statistics after.
[ ] When a push fails with a non-fastforward error, show who "broke" the flow.
[ ] We should clean anon namespaces if they fail? name them 'something.tmp'
	till after successfully running receive-pack. Or just compare with
	the db?
[ ] When a user successfully logs in, generate a signed token to be used in case
	of brute force attack on his account. With that token he will be able
	to bypass rate limiting.
[ ] slogan: it is not rocket science
[ ] Only one daemon should update the structure, else they will conflict.
	Done. Check.
[ ] nofollow on logout; maybe also in other places
[ ] Check if SSL ciphers are ok
[ ] It seems I auto-generate 'All' rights for any user on the repo.
	Seems the same for "Path rights"!
	Fixed. The remaining problem is that I have duplicated full rights. I do
	not know if that is ok or not.
[ ] Binary files - diff?
[ ] ionut: It is not easy to select the clone URL, you have it as a link, e.g.: git://git.rocketgit.com/user/catalinux/rocketgit
	It seems "git://" does not appear in the link.
	My suggestion: either use a textarea, or use a library for
	copy/paste, see for example how github does it:
	https://github.com/blog/1365-a-more-transparent-clipboard-button or
	http://davidwalsh.name/clipboard
[ ] ionut: You have fixed-size 700px sections,
	e.g.: http://rocketgit.com/op/features; if you want, you can try to
	use css3 flex-box, some information is here:
	http://www.w3schools.com/cssref/css3_pr_flex-flow.asp
[ ] Would be nice to give more information when we auto generate keys
	- something like 'Autogenerated - because repo is public'.
[ ] Deal with keys with spaces.
[ ] Add an invite form (only for logged-in people - because of spam) that
	will send mail to a friend with all the details.
[ ] Graph with the server load.
[ ] Warn users on the first page for behind-the-firewall installations
	that a new version is available. Maybe also the severity level.
[ ] Add unit test for 'copy to' into git_log1. There is already one but does
	not trigger the detection. Maybe we need a bigger file.
[ ] Make the blob show nicer and remove rg_template_list (replace
	it with rg_template*).
[ ] If there are a lot of tags/branches, remove oldest ones.
[ ] Add a "Stats" menu per repo: at least disk size.
[ ] Seems we are stuck processing events in events.php daemon because we are
	stuck in 'accept'. We should keep processing the events queue.
	I think this was because we did not signal the daemon. Can be closed?
[ ] Accessing a file with '"' inside is not working.
	See rocketgit.com/user/catalinux/test1/source/tree/blob/"xx\"yy"
[ ] Build a vm image to offer for download.
[ ] Add an option to specify a license for the projects.
[ ] Present bugs as a git repo, so we easily add a new one by push?
[ ] Configuration: a number of months to keep history (see slaves).
[ ] vagrant install?
[ ] If I generated some activity on an object, do not notify myself.
[ ] Show the age of a repo/user/bug/etc.
[ ] We should update the size of the repos only if it is dirty (something pushed).
[ ] Before custom hooks, allow enforcing a custom regex for a commit.
[ ] rg_repo_delete must also delete rights, bugs, notes, bug files
	and watches.
[ ] For unit testing, we need to pass a debug para in http requests and the
	mails to be saved in a folder, so we can parse them and verify them.
[ ] Expose "git reflog".
[ ] Should I allow state select when adding a bug? Better to consider it open?
[ ] Add regex for label filtering, maybe for other fields?
[ ] Add regex for search?
[ ] When showing diff, for the list of files, make links to chunks inside page.
[ ] php-opcache in docs?
[ ] Drop OUTPUT to prevent some attacks? Document in README?
[ ] Seems I cache not set values: first_install is still "?"!
[ ] authorized_keys is missing from 'state' table. Is it normal?
[ ] Replace -=ROCKETGIT=- with a random generated code.
[ ] In the repo creation mail, I leave too much space between "Hello!" and "Repo is".
[ ] Seems I cannot reliably kill cache.php. It becomes a zombie!
[ ] The permissions for /home/rocketgit/.ssh are not correct! They are root!
	Fixed with chown. Maybe I do not want to run keys_regen as root anymore.
	Only add the regen event! Why? At start we have no users and the first
	key added will generate a trigger.
	May be other places where I run as root!
[ ] init.php: do not show the password!
	Maybe switch to a web based installation?
[ ] I must mark that init.php script was not run, and do not start daemons!
	Else, timezone nasty messages will appear in the logs and only a
	restart will fix the problem.
[ ] HTTP_X_FORWARDED_FOR variable: this data is effectively user input and
	therefore susceptible to spoofing.
[ ] Try to remove non critical queries from main page loading. Just schedule
	the operations for later.
[ ] We should not delete the tokens. They will be cleaned hourly?
[ ] Remove all texts from code and move them to templates.
	At least in forgot.php.
[ ] Storing password in database must apply multiple hashes. Check owasp.
	They recommend SHA-256(private_key, salt + pass). Think more.
[ ] Regenerate salt on every successful login? Or after some pre-defined time?
[ ] Get rid of sessions table and use only hmac!
	We may change the encryption key with an algo.
[ ] Should we skip SELECT/INSERT steps for logout (in token_valid)?
[ ] Persistent connection to database?
[ ] Check cache socket is protected against other users.
[ ] token: add form id into equation?
[ ] What happens if an attacker sets a cookie on .com, for example.
It will also be sent to rocketgit.com. So, if the user visits the attacker's
site, this cookie gets set, and it will then be sent to rg.com.
This way, he can control the cookie (the sid), and so the token too. I think it is serious.
I think this is what the browser does. I could change the cookie name, and
sign it somehow: I go to attack.com and there it sets a cookie a=b on .com.
Then, I visit good.com, and the cookie a=b is sent to it.
If I could tie good.com to a/b, I could eliminate the bad cookies.
[ ] "repo_submenu" seems to not be used, remove references.
[ ] http://nedbatchelder.com/blog/201405/github_monoculture.html
[ ] mchapman (subscriber, #66589) (http://lwn.net/Articles/623905/)
	With a GitHub pull-request-based work-flow I need a GitHub account
	(I've been resisting getting one for myself), I need to make sure I
	explicitly "fork" the repository within GitHub (simply pushing my copy
	of the repo to my account won't make pull requests work, as far as I
	know, because GitHub doesn't know that the original project and my
	project are "linked"), and I need to use the GitHub web interface to
	actually generate the pull request and take part in its review. If all
	of this isn't vendor lock-in, I don't know what is.
	I've got bigger problems with the GitHub pull request work-flow anyway.
	If you generate a pull request, discover that changes need to be made,
	you have two choices: you can create a new pull request, losing all
	comments from the previous one, or you have to add new commits. If
	you drop the to-be-pulled branch from your repository and replace it
	with a different branch with the same name, the pull request loses all
	of its comments.
	No, I find the bigger problems are with pull-request based work-flow
	that GitHub uses -- specifically, how that work-flow interacts with
	code review. If your branch is reviewed and it needs modifications,
	then these modifications *should* be made to the original commits
	(not just tacked on as extra commits), which necessarily means the
	branch will be rebased. GitHub's workflow breaks completely when you
	rebase branches.
[ ] Should we delete previous session when user calls login if the user is
	already logged-in?
[ ] Talk in installation about a php compiler?
[ ] cache_set should wait for an answer? Should we send an answer?
[ ] security_violation_no_exit -> security_violation? To not spend resources?
[ ] We should be able to have multiple logins (think desktop and phone).
[ ] Test if cache is faster than postgres. If not, get rid of cache!
[ ] Investigate use of persistent prepared sessions.
[ ] What happens if we cannot generate a form token?!
[ ] Add User-Agent to session?
[ ] Check "Content security policy"
[ ] htmlspecialchars does not escape '/'. It may be dangerous:
	https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
[ ] It would be nice if sessions were not in the database either. If I put the uid and
the expiration in them, I could get rid of the database storage.
Let's see what we store in the table: uid, expire, session_time, ip.
So, I could store the uid on 4 bytes, expire on 4 bytes, session_time
on 2 bytes, and the ip on just one bit in the flags field.
I could also lock on user agent if the user wants that.
The ip and the user agent go into the hmac, but are not stored in the cookie.
So, it would be 2 * (4 + 4 + 2 + 1) + random part + sig = 22 + 8 + 10 = 40
But, we have a problem with the expiration time!
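The stateless cookie sketched in the item above, as an added example (not rocketgit code; Python is used here for illustration): the 11 fixed bytes are hex-encoded, the IP and User-Agent feed the HMAC only when their lock bit is set, and the expiration concern is handled by treating the packed expire field as a hard limit on every request. SERVER_KEY, the flag bit assignment and the reading of session_time as an opaque 16-bit value are assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

# Hypothetical server-side key (assumption): a deployment would load it from
# its configuration; whoever holds it can mint valid cookies.
SERVER_KEY = b"constructed-example-key-do-not-use"

FIXED_FMT = "!IIHB"   # uid (4 bytes), expire (4), session_time (2), flags (1)
FIXED_HEX = 22        # those 11 bytes hex-encoded: the "2 * (4 + 4 + 2 + 1)"
RAND_HEX = 8          # random part
SIG_HEX = 10          # truncated HMAC-SHA256 tag (40 bits, the note's budget)
FLAG_LOCK_IP = 0x01   # bit 0: session bound to the client IP
FLAG_LOCK_UA = 0x02   # bit 1: session bound to the User-Agent (user opt-in)
HEX_CHARS = set("0123456789abcdef")


def _sig(payload_hex, flags, ip, ua):
    # IP and User-Agent feed the HMAC when their lock bit is set, but are never
    # written into the cookie itself.
    msg = payload_hex.encode()
    if flags & FLAG_LOCK_IP:
        msg += b"|ip=" + ip.encode()
    if flags & FLAG_LOCK_UA:
        msg += b"|ua=" + ua.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:SIG_HEX]


def make_cookie(uid, expire, session_time, flags, ip, ua):
    """Build the 40-character stateless session cookie."""
    payload = struct.pack(FIXED_FMT, uid, expire, session_time, flags).hex()
    payload += os.urandom(RAND_HEX // 2).hex()
    return payload + _sig(payload, flags, ip, ua)


def parse_cookie(cookie, ip, ua, now=None):
    """Return (uid, session_time) for an authentic, unexpired cookie, else None."""
    if len(cookie) != FIXED_HEX + RAND_HEX + SIG_HEX or not set(cookie) <= HEX_CHARS:
        return None
    payload, sig = cookie[:-SIG_HEX], cookie[-SIG_HEX:]
    uid, expire, session_time, flags = struct.unpack(
        FIXED_FMT, bytes.fromhex(payload[:FIXED_HEX]))
    # Verify the tag (constant-time) before trusting any decoded field; the
    # flags byte is inside the signed payload, so a lock bit cannot be stripped.
    if not hmac.compare_digest(sig, _sig(payload, flags, ip, ua)):
        return None
    # The expiration problem from the note: with no sessions table nothing can
    # revoke a cookie early, so 'expire' is a hard limit checked on every request.
    now = int(time.time()) if now is None else now
    if now >= expire:
        return None
    return uid, session_time
```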
[ ] Still, a lot of things from
	https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
	need to be implemented.
[ ] Add "Secure" cookie para when using HTTPS.
[ ] Warning if user has not enabled cookies?
[ ] Seems that Etag is not working for main.css!!! At least.
[ ] bad_token.html must not be in user/
[ ] On create_account page, submenu1 and submenu2 are with @@...@@!
[ ] The merge request name is not so good. Maybe include also the user?
[ ] I do at least two times a request to database for uid 22 in hook_update.log
[ ] git update-ref supports "ref:" to update a ref. Should we?
[ ] Document a little bit how a merge request will show up on a repo.
[ ] Limit recursion for regex matches.
[ ] Delete anonymous push must take uid in consideration. Maybe also other ops.
[ ] Add unit test also for paths.
[ ] cache: we may have data with \x0 embedded. Check.
[ ] Do we use users.rights?!
[ ] Add some versioning mechanism to restart the cache daemon when the protocol
	changes.
[ ] What happens when a user adds a non-existing one letter code for rights?
	I should filter it out.
[ ] Log attempts to inject <> inside vars. Maybe in rg_var_str?
[ ] We should not call cosmetic in rights hl because we load the
	list again anyway. Seems I do not do it.
[ ] Get rid of 'qstats'.
[ ] Do I test somewhere if a commit is bigger than max_commit_size?
[ ] We must test in HL functions if we have rights, not in rg_user_remove & co.
[ ] The caller of rg_user_make_admin must check rights for administering repo.
[ ] If a project is private and the admin gives "Access repo" to a user,
	that user sees the repo as public. Unit test.
[ ] What right is "Access repo"?! I think it is for web. Not clear. Check.
	Seems it is used on repo-page.php to give access or not to the repo.
	But I should only check if it is public.
	No, because the same test is used also for private repos.
[ ] I have to define what a 'public' repo means: fetch + see bug-tracker?
[ ] In the logs, some usernames show up as '?'. Could it be from the cache
	+ the bug in user.inc?
[ ] We should invalidate rights cache when repo goes from public -> private
	and vice versa. This is not so easy. Because the caching is not done by
	repo_id.
	And this is another problem. What about user_id and repo_id clashes?!
	No clashes because we have the type!
	So, when editing the repo and the repo is doing a switch private-repo
	we must rg_cache_unset("rights_by_obj_id::$repo_id::type
	where type can be "repo", "repo_refs", "repo_path" etc.
[ ] serialize returns a binary string! Not ok to store it like this in db!
	unit test with \0?
[ ] We have big races for cache. But, the same with the database.
[ ] Retest repo rename. Better, add a unit test.
[ ] When changing rights, invalidate/update cache.
[ ] Replace rg_var_str with rg_var_str_core. It is ok to not have escaped in
	db, but be careful with "HTML:" construct! Audit all HTML: and then
	switch. Do not forget that there is a problem with how it works now:
	for example, description that contains '<' will not work correctly.
	The problem is with HTML: vars that include un-escaped vars.
	Is it possible?
	Seems it is working for repo description. Do it everywhere?
[ ] Add unit test for inject functions.
[ ] Description passed in e-mail, may have security implications?
[ ] keywords for search. Really needed?
[ ] check: seems the browser uses 0x0d instead of 0x0a in textareas. unify?
[ ] performance: update session only after the page was flushed to the client!
[ ] ionut: http://blogs.atlassian.com/2014/10/git-summit-2014-video-roundup/?atl_medium=ACE
[ ] Get rid of custom caches in all files!
[ ] Remove rg_menu stuff (replaced with templates).
[ ] Repo owner can e-mail to users that watch?
[ ] Enforce commit messages formats based on a regex.
[ ] Add redirect to HTTPS and enable HSTS
[ ] If a user has all rights, show "All" instead of full list.
	Do this in rg_rights_text?
[ ] Should a user see her/his rights?
[ ] Add rights 'allow non-ascii file names'.
[ ] We should not show delete checkboxes/buttons if a user is not allowed
	to delete items.
[ ] In cache, what if a var has \n in it?
[ ] Purge deleted bugs (and notes) in background
[ ] Event for bug delete.
[ ] Someone deletes a bug, and then somebody else presses "delete" on the same bug.
	It will give an error, but it should not be fatal... Maybe also show
	who deleted that bug.
[ ] No expiration for cache?!
[ ] rg_rights_load and rg_rights_get do the same thing. Remove _load.
[ ] Maybe I should disconnect from cache if a "generation number" does not match
	per connection. Think about setting/un-setting a key that fails
	and then issue a get...
[ ] rights_delete_list must invalidate cache.
[ ] Somewhere we must have a section to define the groups and allow rights
	for groups.
[ ] We may allow a list of paths/refs for rights, not only a single one.
[ ] Audit all regular expressions (at least /D). Especially in conf file.
[ ] I should set 'display_errors' to OFF.
[ ] Maybe add db.users.last_ip_failed? Or the history is enough?
[ ] db.users.last_ip is used for last IP used for login?
[ ] repos.disk_quota_mb must be dropped and do a look-up in plan.
[ ] Integrate max_public/private_repos into HL.
[ ] Allow specifying base language for a project.
[ ] Allow specifying license for a project.
[ ] When changing db structure, invalidate all caches.
[ ] When we will switch to C, check UTF-8 validation.
[ ] Check http://blog.wikichoon.com/2014/04/github-doesnt-support-pull-request.html
[ ] If path for repo_path rights starts with /, it is anchored.
	Else, can match anywhere.
[ ] refs: if it does not start with refs/, it is assumed that is refs/heads/
	Also, it must be anchored at the begin of the string.
	Really anchored? Why?
[ ] Implement a basic regular expression parser.
[ ] Use an 'indent' string per repo and (optionally) enforce it.
[ ] Should we use a more restrictive umask?
[ ] In some places we have rg_event_add and then COMMIT. The event processing
	loop may lose the last transaction. :(
[ ] Remove rg_repo_rights_*. Seems we cannot because we test if
	ri.uid == login_ui.uid, which we cannot do in rg_rights_get.
	Maybe if we pass the owner of a resource to rg_rights_get.
[ ] $user -> $rg['user']
[ ] $repo -> $rg['repo']
[ ] $org... -> $rg['org...']
[ ] Seems that for tests we do not have a log file, but it is specified in the file!
[ ] Only some high-level functions should get $rg passed.
	The rest, no!
[ ] rg_re_repopage($rg)?
[ ] We may have a problem creating bugs. We must test for failures at every
	step.
[ ] Rights: for public repos, we make a prio 0 rule to allow fetch (maybe other rights).
	It will not be in database, it will be generated if repo is public.
	If repo is becoming private, that rule will not be inserted anymore.
[ ] When listing repos, check the rights!
	For example, a user is allowed to edit a repo, but is not the owner.
	It is not enough to check 'public = 1'. This may generate a lot
	of look-ups for rights. :( Not if we cache the whole rights list.
[ ] Add a reason for suspended accounts? Maybe also for other operations?
[ ] We should add 'rights.who' to record who gave that right. May be more
	admins for the same repo.
[ ] 'users.rights' is still used?!
[ ] Maybe add an indirection level: Projects. Because an admin may use
	rocketgit only for the bug tracker, for example. Or only for mailing
	list. So, "Repositories" will become "Projects". Hm.
[ ] 'first_install' value is not cached in RAM!
[ ] Seems that an annotated tag cannot be overwritten, even with rights.
[ ] Test bug.php is not working. Seems that repo_info is not working right for
	a nonexistent repo_id!
[ ] From arora I cannot login! See a tcpdump.
[ ] Rights management
	- A user USER is trying to push some commits in a branch B,
		for a file F
	- The set of rights may be:
	Branch		File/dir	Rights
	B2		dir/*.png	FPA
	*		dir2		A
	*		*		F
	refs/heads/x/	*		??? - allow to push in private "ns" 'x'
	x/		*		??? - same as above.
	refs/tags/v[0-9]		??? - allow tags that starts with v.
	USER/		*		??? - give rights to any user to a
					private branch (refs/heads/USER/...).
	*		USER/		??? - give rights to any user to a
					private dir.
	- "USER" is the user that is logged in. Maybe find a better string
		because we may have a user "USER".
	- Also limit by IP and by time.
	- We have a problem: some rights do not map correctly to the plan above.
	For example, A(admin) etc. Seems we need to have >2 categories.
	- Also, we will have problems classifying a project as public or private.
	Maybe we can compute the rights as an event after any rights change.
	Maybe we should let the user choose what type of project it is, and,
		if is public, to grant fetch right.
	- Should I add "Create users right"?
	- Repo rights: I should split admin into: "edit repo", "delete repo",
		"give rights" (should limit to his rights), "fill bugs",
		"close bugs",
	- Repo rights: allow "*" as user: default rights.
	- Very tempting to give up "register_rights" function and have the
		form as template. But I have to list them, join them etc. Hm.
		Think about translations, some time.
		I could use a rights file: "<right><tab><category><tab><name>"
		but this will duplicate the categories with translations.
		Maybe have two files, one with "<right><tab><category>" and one
		with "<right><tab><text>".
		I decided to let them in php file, but replace text with a
		translation look-up.
[ ] Remove 'admin' stuff. We will give normal rights.
[ ] We will use '*' = all rights, so we can extend the list and some users to
	get them automatically.
[ ] You can grant the rights that you have, no more.
[ ] Remove 'rights' from user/add_edit.html
[ ] Allow comma separated users for grant rights.
[ ] Loading defaults for refs_rights seems not to work.
[ ] Secure transport X in the apache configuration. Or in index.php?

== BEFORE NEXT-NEXT RELEASE ==
[ ] mcr@sandelman.ca: It would be nice if github could be told to reject
	and/or mark files that have whitespace errors.
[ ] Transform user/bug/* into high level functions.
[ ] Maybe, when user is not logged in, on the "Repositories" main menu
	show most active projects, the biggest ones, recent ones and
	search form. And remove menu "List" + "Search".
	Or, maybe the first page to contain best repos and search form.
[ ] Add possibility to change user time zone.
[ ] At least for notes, add also y/m/d/h/m/s 'ago' next to exact time
[ ] We need a matrix testing with:
	un-logged in user, logged-in user, owner
	vs
	public_repo, private_repo, private_repo_with_rights for logged in user
	We can use a custom theme dir that contains IDs to be able to
	detect if we give errors. Or just match the English string.
[ ] I may check in the main php if doit == 1 and token is valid!
[ ] I may do a function rg_generic_edit_high_level with an array, as parameter,
	with functions to call for different stuff.
[ ] Do not redirect to login page if the user is logged in!
[ ] 'Contact owner'
[ ] When editing a repo, we should not pass 'master' as parameter!
[ ] Delay events processing if load is too big. Maybe same with crons?
[ ] Test (EXPLAIN) that rights_i_type_obj_id is used.
[ ] Admin should be able to stop queue processing.
[ ] When we delete a repo, we must delete also rights and bugs etc. Same
	for a user deletion.
[ ] rights.misc2 is not used now. Drop it.
[ ] How do we set rg_git_host? Now it shows r1i!
[ ] bugs: when I edit a bug, if I wrongly insert a field, description is
	htmlized again (< -> &lt;)! Probably in many other places.
[ ] bugs: we must be able to delete bugs.
[ ] Do not test if we watch a bug if the bug is new.
[ ] repo-home->"Lock repo" + hint=(options to block fetches/commits/bug/etc.)
	and with reason that is logged in history and shown on access.
	Also, admin must have lock power and a reason.
[ ] When sending mails, add also who did the operation. For example, delete
	repo. It may not be the same person that created it!
[ ] Add a description field for rights and keys. Maybe other places.
[ ] Check http://nvie.com/posts/a-successful-git-branching-model/
[ ] After resetting password, go to the login form, with user pre-filled so the user can cache the password.
[ ] Add number of bugs multiplied with a value to total disk space.
[ ] How should I verify repo rights?
	if (admin)
	if (owner)
	if (public)
	for each right in the list ordered by priority (we may have several because of ip/time/etc.)
		check if it has the right
	Is this also valid for rights on a user?
	How should the rights table look? I think it is ok. misc can
	support weird rights.
	Let's see how it looks now:
	type	uid	obj_id	itime	misc	rights
	We should also have the priority in the list so we can order
	as the user wants.
	It seems rg_rights_load is used only for repo and not for user.
	rg_rights_set has no notion of prio.
	I would like the owner to also be able to restrict himself to a certain set of IPs.
	That means that, from the start, I should add a rule for the owner.
	Let me try to sketch the admin part for users.
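An added example (not rocketgit's code; Python is used for illustration) of the evaluation order sketched in this item together with the branch/file rule table from the "Rights management" item in the previous section, using the anchoring conventions noted earlier (a ref pattern without refs/ lives under refs/heads/ and is anchored at the start; a path pattern is anchored only when it starts with /; "USER" stands for the logged-in user). The one-letter codes F/P/A, the Rule fields, the generated prio-0 fetch rule for public repos and the "first applicable rule that grants the right wins" semantics are assumptions.

```python
import fnmatch
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical one-letter right codes (assumption, not rocketgit's real table):
# F = fetch, P = push, A = administer.  "*" stands for all rights.


@dataclass(frozen=True)
class Rule:
    prio: int
    ref: str             # "B2", "x/", "USER/", "refs/tags/v[0-9]*"; "*" = any branch
    path: str            # "/dir/*.png" is anchored, "dir2" may match anywhere
    rights: str          # e.g. "FPA" or "*"
    uid: int = 0         # 0 = any user (the "*" user of the note)
    ip_nets: tuple = ()  # optional source networks, e.g. ("10.0.0.0/8",)


def _prefix_re(pattern):
    # fnmatch.translate() anchors at both ends; drop the trailing \Z so the
    # glob only has to match from the beginning of the string.
    return re.compile(re.sub(r"\\Z$", "", fnmatch.translate(pattern)))


def ref_matches(pattern, ref, user):
    pattern = pattern.replace("USER", user)   # the logged-in user's namespace
    if not pattern.startswith("refs/"):       # bare names live under refs/heads/
        pattern = "refs/heads/" + pattern
    if not ref.startswith("refs/"):
        ref = "refs/heads/" + ref
    return _prefix_re(pattern).match(ref) is not None   # anchored at the start


def path_matches(pattern, path, user):
    pattern = pattern.replace("USER", user)
    if pattern.startswith("/"):               # a leading "/" anchors the pattern
        return _prefix_re(pattern[1:]).match(path) is not None
    return _prefix_re(pattern).search(path) is not None   # else: anywhere


def rule_applies(rule, uid, user, ip, ref, path):
    if rule.uid not in (0, uid):
        return False
    if rule.ip_nets:                          # "also limit by IP"
        addr = ipaddress.ip_address(ip)
        if not any(addr in ipaddress.ip_network(n) for n in rule.ip_nets):
            return False
    return ref_matches(rule.ref, ref, user) and path_matches(rule.path, path, user)


def has_right(right, *, uid, user, ip, ref, path, rules,
              is_admin=False, owner_uid=0, public=False):
    """Check one right in the order of the note: admin, owner, public, then rules."""
    if is_admin or uid == owner_uid:
        return True
    effective = list(rules)
    if public:
        # Generated prio-0 fetch rule for public repos; it is never stored in the db.
        effective.append(Rule(prio=0, ref="refs/*", path="*", rights="F"))
    for rule in sorted(effective, key=lambda r: r.prio):
        if rule_applies(rule, uid, user, ip, ref, path):
            if rule.rights == "*" or right in rule.rights:
                return True
    return False
```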

[ ] Do not pass a lot of parameters in environment. Because of rights, we must
	do a look-up in cache/db anyway. Or, compute correct rights (take in
	account IP/time/etc.). No, because we need paths.
[ ] 'rg_rights_allow' needs a first parameter that is the set.
[ ] Repo rights were split in two. Check all rights checks! Maybe in check
	function, verify that there is a possible right and if not internal_error.
[ ] Tree rights are a mess. User/Repo mixed rights.
[ ] "Create repositories" user right should not be in repo rights?
	Probably not, because we may have no repo in the beginning.
[ ] I will have a csv document with translations from where I will build
	some hash tables for fast look-ups.
[ ] Check "suspend"/"make admin"/etc. in admin area. Maybe use a checkbox and
	an operation to avoid CSRF and to be consistent with ssh keys forms?
[ ] Fix rights saga on user side. We may remove user_allow and replace with
	rights_check?
[ ] "Reset password" in admin area?
[ ] "Make admin" will be replaced by "Edit"?
[ ] Problems trying to push to rg1 because of SELinux:
	type=SELINUX_ERR msg=audit(1366526640.307:1449979): security_compute_sid:
	invalid context unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023
	for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
	tcontext=system_u:object_r:rocketgit_exec_t:s0 tclass=process
[ ] Check if adding/editing a bug generates notifications correctly.
	Maybe use a global function for notify_one.
[ ] When we cannot process an event, mark it as failed and do not touch it again.
[ ] Big confusion! A logged in user has a different ID than the one of the repo
	and it may have admin rights! Audit everything (rg_ui/login_ui/$uid).
[ ] Checking mtime of event.php is not enough. Maybe checking version.
	Think of includes that may change.
[ ] Checking for "rg_ui['uid'] == 0" may not be enough.
	Maybe rg_ui['uid'] = repo['uid']?
	Or, everywhere add 'uid = ?' in queries.
	Scenario: a user passes a list of ids to be deleted but s/he's not the owner.
[ ] Check if we can give rights for a non-owning repo!
	We should check if the user that gives rights is the owner or has admin
	rights!
[ ] Add "lock ip" to settings and use them as default.
	Also use it for confirmation.
	But, if the IP changes, the user will have to re-login. Hm.
[ ] The rights should be stored on different rows? Probably not.
[ ] Adding an account seems to just show "Account was created".
	Maybe redirect to user page? Only if there is no need to confirm.
	What about lock_ip?
[ ] Where to check if plan exists (rg_user_edit_high_level)?
[ ] SSH keys: add from what IP the key was uploaded?

== Medium ==
[ ] Add hit/miss stats to caches.
[ ] If we have bug tracker, why not a mailing list?!
[ ] Allow comma separated users in (at least) rights grant.
[ ] Suggest some users on repo's "Grant rights". Maybe contributors?
[ ] Does it make sense to have a local cache (user/repo/etc.) when we have
	another local cache (cache.inc.php)? Pay attention to
	invalidating/refreshing the cache. Hm.
	Really-local one is faster for big lists. But, do we allow such big
	lists without pagination?
[ ] pg_fetch_assoc returns FALSE if error or no more rows.
	We must know the difference!
[ ] Finish high level sql function.
[ ] No caching for keys.php? If we add one, update first_use only if needed.
[ ] Rate limit at least login operations to prevent brute force passwords.
	Because the attack may come from several IPs, it is tempting to
	use target user for rate limit. But, we will prevent legitimate users
	to login. Maybe just increase the delay for login? Maybe notify user
	how many attempts were before successful login.
[ ] remote.php: call keys_update_use from an event.
[ ] Allow user to change timezone!
[ ] Too much empty space in the repo change notification.
[ ] @@if: if after {{/}} follows a \n, just remove it? Maybe only if the if
	tokens are the only things on a line.
[ ] Think about moving unused tokens to a new session after login.
[ ] Security: Edit info: user can change the uid behind my back in form!
	This is fixed with rg_user_allow_access. It should be used everywhere.
[ ] Maybe do not deny account creation, but put them on a special state
	and ask admin to allow it?
[ ] $sid to be masked behind a function (rg_user_get_sid).
[ ] Use curl to auto test all web functionality fast.
[ ] info.php shouldn't be converted to high-level function?!
[ ] Move sending e-mails to event.
[ ] Think about renaming repositories to projects. Because they contain also
	the bug tracker. Maybe in the future the admin would want to disable
	some modules (git/bug tracker/etc.).
[ ] When a push/etc. takes places, add an event to recompute disk size!
	Then, remove this from cron.
[ ] If user applies for open-source type account, do not allow private repos.
[ ] Move rg_account_allow_creation and other configuration stuff into admin area.
[ ] How to set default rights for new users? Maybe a section in admin area?
[ ] Computing disk size must invalidate the user cache. Or update it?
[ ] Check in remote.php that for the user connecting we are updating stats.
	Better, update stats for both connecting user and repo is connecting to.
	As an event?
[ ] Allow user to change the plan somehow.
[ ] In documentation, because of SELinux, we may want to restart some services.
	At least: xinetd, cron etc. Probably not, but I must test this.
[ ] Think about generating more tokens. Maybe just sign them to not be forced
	to save them in database. At least generate more than one and cache them.
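A stateless signed token, as an added example in Python (not rocketgit's own rg_* token code): the server keeps only a secret key, binds each token to the session id and the operation it authorises, and can hand out any number of them without a database row; invalidating all of them means rotating the secret. The wire layout, make_token/verify_token and TOKEN_TTL are assumptions for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import struct
import time

TOKEN_TTL = 3600  # seconds; assumed value


def make_token(secret: bytes, sid: str, op: str, now=None, ttl=TOKEN_TTL) -> str:
    """Issue a token bound to a session id and an operation name.

    Layout (base64url, padding stripped):
        expiry (8 bytes, big-endian) || nonce (8 bytes) || HMAC-SHA256 tag (32 bytes)
    The tag covers expiry, nonce, sid and op, so the token is useless in
    another session or for another operation, and nothing is stored server
    side: verification needs only `secret`.
    """
    now = time.time() if now is None else now
    header = struct.pack(">Q", int(now) + ttl) + secrets.token_bytes(8)
    tag = hmac.new(secret, header + sid.encode() + b"\0" + op.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(header + tag).decode().rstrip("=")


def verify_token(secret: bytes, token: str, sid: str, op: str, now=None) -> bool:
    """Check a token presented with a form or API request."""
    now = time.time() if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (binascii.Error, ValueError):
        return False
    if len(raw) != 8 + 8 + 32:
        return False
    header, tag = raw[:16], raw[16:]
    expected = hmac.new(secret, header + sid.encode() + b"\0" + op.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        return False
    expiry = struct.unpack(">Q", header[:8])[0]
    return now <= expiry
```

The nonce only makes tokens distinct; it is the session id and operation name inside the MAC that stop a token captured on one page from being replayed on another. This is also the check the later "Check XSRF attacks" item asks for.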
[ ] There is a small possibility for files that are called from cron to not
	have correct context (cron instead rocketgit_t). Seems I fixed it
	with check_context function.
[ ] Allow upload a ssh key as a file, not only paste it in textarea.
[ ] Merge $more in all places where we add events.
[ ] Invite a friend.
[ ] In a lot of places seems I use rg_log instead of rg_*_set_error!
[ ] Auto login after account creation? What about locking by IP? Maybe just redirect to
	login page with (at least) username pre-filled? Or ask only about "lock ip"?
[ ] sess: just mark it as invalid and store it in cache to not connect to
	database? Cron will clean them up.
[ ] Transaction for bugs_max should be shorter. Now is very long. Hm.
[ ] Protect the sh scripts so they can only be run as the RocketGit user, not as any other user.
[ ] To not have too many keys in authorized_keys, investigate certificates.
[ ] Add cache in:
	- rg_keys_count
	- etc.
[ ] Add transaction in all places where event_add is called.
	Maybe also in other places. Do an audit.
[ ] Remove 'repo/dirty' stuff and replace with events.
[ ] When we delete a user, should we remove from cache the name_to_id/email_to_id?
[ ] Delete repo - check if all is deleted. Seems not.
[ ] Audit all operations to be verified with tokens.
[ ] Create repo on demand when a user pushes.
[ ] Compute how many users are per plan, as an event when a user is
	added/deleted/changed plans. Better, from cron.
[ ] Increment usage on keys should be done by events, with a predefined interval
	to not kill the database.
[ ] Allow user management by ssh:
	ssh rocketgit@host create-account --ssh-key `cat key.pub` <name>.
	ssh rocketgit@host disable-account <name>.
	Of course, check rights.
[ ] Add unit testing for high level functions.
[ ] Add unit testing for plans and rg_user_over_limit.
[ ] Switch to *_high_level functions.
[ ] When the user presses submit in a form and the session expired, save all
	data in a cookie, invite the user to login and redirect to the old page with all
	fields filled in! But if the user is in a cafe, s/he will lose that info.
	Better store locally.
[ ] Add rights for "Transform merge request in e-mail".
[ ] Check if all forms keep old values in case of an error.
[ ] Limit the number of e-mails to not flood the inbox.
[ ] Record in some stats how long took a push in terms of cpu/time/etc.
[ ] We should have a log with logins, not only last_login per user.
	So, we should have an event on login and explode it in several queries.
	Also session may be updated from this event, but still with a 1 min gap.
[ ] A script to check if all CSS classes in templates are present in css file.
[ ] Export/import a repo (xml maybe).
[ ] Add groups.
[ ] We should warn the user if some users have lower rights than the default!
[ ] Auto-create repos at clone phase, not only at push phase.
[ ] The link to a note should have an anchor to be able to go directly to the note.
[ ] bug tracker is private? If the repo is, it should be also.
[ ] When you watch a project, a note add to a bug will notify that watcher?
	Or we limit to edit/add/close bugs?
[ ] We should also add organization/user next to repo in e-mails.
[ ] Feature to be able to mark a note and the rest under it as read?
[ ] Return error in rg_*_info( when you do not have access?
[ ] SELinux: is not clear how I use SourceX: for .if/.te/.fc.
[ ] SELinux: what about rocketgit_t access to postgresql through apache?
[ ] Check why only the 'targeted' policy is installed.
[ ] Should I move the socket to /var/run (using tmp.d)?
[ ] Bug:List: saved searches with spaces inside the name are not correctly escaped.
	Use _ instead of space, or properly escape it (ugly: %20 etc.)?
[ ] "if ($res === FALSE) break" must set the error message!
[ ] Careful order the events. We do not want to build list notifications
	before adding a user to the watch list.
[ ] If description is empty, do not insert a \n in 'new repo' e-mail.
[ ] Current menu is not correctly shown as selected.
[ ] If the confirmation code is truncated, an internal error is generated
	instead of a user error!
[ ] Third option: anybody can create an account but must be validated by admin.
[ ] After creating the account, keep the user logged in and allow login
	even if is not confirmed (option in config).
[ ] When I close a bug, seems I add myself to the watch table again!
[ ] Should we load the labels in rg_bug_info?
[ ] Do we need a rg_bug_cosmetic for notes/users/repos/etc?
[ ] when rights are revoked, also the watch list must be checked.
[ ] When adding a note, add also a checkbox to watch that bug?
[ ] Integrate remote_add.html.
[ ] When I edit a bug, should I remove notes and add_note form?
[ ] Add possibility to add/remove labels when adding a note?
[ ] Bugs: show what filtering is active.
[ ] Seems I cannot push to rg1! Do an update and check again?
[ ] Bug: Do not allow adding labels if you do not have admin rights.
[ ] Bug: Do not allow close/assign/etc. if you do not have admin rights.
[ ] Menu must be loaded from template.
[ ] Remove any HTML from code.
[ ] List on the first page the latest commits.
	Do not forget to exclude private repos.
[ ] Should we expire the reset password token? Somebody can always request
	another one, but a token that never expires stays valid for as long as the
	e-mail (or a log line with the link) is around. So yes: short expiry, single use.
[ ] It is not clear that the owner has full rights (repo->admin->edit).
[ ] Allow editing of bug searches.
[ ] Admin: add a feature to become any user. This way we will not duplicate
	a lot of code for editing users/repos/etc. Allow admin to switch
	identities at will.
[ ] Admin: add a feature to reset all passwords.
[ ] Forgot link must use paras and not a parameter. This way we shorten the URL.
	Maybe send both HTML and plain e-mails?
[ ] Check best practices for salt/pass/forgot pass etc.
[ ] Create a unique index on users(username,organization)?
[ ] We have a little problem: we need the ssh keyring to regenerate fast but
	we may have a big events queue. We may want to signal directly
	the regeneration script and to not store mark-dirty state. Hm.
[ ] Optimize keyring invalidation. Store in cache the ts of last regenerate and
	ignore request before that timestamp.
[ ] We should make stuff more robust. For example: CREATE REPO + HISTORY_INSERT.
[ ] We have to record the renaming in the repo history.
[ ] What happens if a user is doing a downgrade? Must not allow it.
[ ] Use another home page for logged in users.
[ ] repo_invalidate_cache does an implode that can reorder. Use repo_id as key?
	No. But use some combinations of paras.
[ ] Why we use "FOR UPDATE" on 'events' table?! events.php is the only user.
[ ] We need to parallelize the event processing.
[ ] Check if there are unused parameters after name2base(_path).
[ ] Remove any trace of $rr.
[ ] How to deal with browser accessing an old name (after rename)?
[ ] repo.php tests does not say "ok".
[ ] Functions from util.inc.php set rg_util_error(). Use it.
[ ] Remove all "exit(?)" calls.
[ ] Locking is done in global dirs for tests. Use a local folder!
[ ] We must provide a way to propagate errors from events!
[ ] repo.inc should not depend on user.inc!
[ ] rg_repo_info will have almost the same paras as rg_user_info!
[ ] Add a maximum time to keep logs.
[ ] Do not allow double ssh keys in database! Because when we output them
	in authorized_keys ssh will use the first one!
[ ] Move everything 1 month back to simulate next month for slave tables.
	Better, do a unit test.
[ ] To not wake up many times (for every sub-event), cache what was done
	(or max(id)) and ignore that wake-ups. Of course, W will become W<ev_id>.
[ ] If session expired and the user is trying to access a repo page, PHP errors
	occurs. I think is related to login_ui/repo_ui.
[ ] Unify repo_create with repo_update, as user_*.
[ ] Clean notification inputs before starting to work to not receive a lot of
	them after processing is done.
[ ] Description should not be present anywhere (web). Takes space.
[ ] Seems that ls \.\. works. Check from security pov.
[ ] Profiling is not re-entrant. We should use a stack!
[ ] We should not store repo_id0 into cache!
[ ] We are redirecting the user to history page. Do not wait for git dir!
[ ] Set a policy in config.php and do the cleaning/compress of the log files.
[ ] Fix the mail headers (+dkim) to avoid spam.
[ ] http://joeyh.name/blog/entry/git_push_over_XMPP/ (ialbescu)
[ ] Graphics with database/table/index sizes.
[ ] Add history also for user.
[ ] template_table can deal with a FALSE para: load error.html file in list/
[ ] Put in history how many visitors received.
	Maybe only when hitting some limits?
[ ] Run shaX 1000 times for login? Iterated plain SHA is the weak form of this;
	better a purpose-built password hash (PBKDF2, bcrypt, scrypt) with a per-user salt.
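An added example (not rocketgit code) covering this item, the earlier "Check best practices for salt/pass/forgot pass" item and the reset-token expiry question, using only Python's standard library: a salted, iterated password hash whose parameters travel with the hash, and a forgot-password token that is stored only as a hash, is single-use and expires. Function names, PBKDF2_ITERATIONS and RESET_TTL are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumed; calibrate so one hash costs ~100 ms on your server
RESET_TTL = 15 * 60           # assumed lifetime of a forgot-password token, in seconds


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). Iteration count and salt are
    stored with the hash so the cost can be raised later, one user at a time."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:          # malformed stored value
        return False


def issue_reset_token(now=None):
    """Return (token to e-mail, record to keep next to the user row).

    Only a hash of the token is stored, so a database dump yields no usable
    tokens. The token is single-use and expires after RESET_TTL, which bounds
    the window in which a copy leaked from a mailbox or a log line can be
    replayed, even though the user could always request a fresh one.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    record = {"reset_hash": hashlib.sha256(token.encode()).hexdigest(),
              "reset_expires": now + RESET_TTL,
              "reset_used": False}
    return token, record


def redeem_reset_token(token: str, record: dict, now=None) -> bool:
    now = time.time() if now is None else now
    if record["reset_used"] or now > record["reset_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, record["reset_hash"]):
        return False
    record["reset_used"] = True     # burn it: a second click on the same link fails
    return True
```

PBKDF2 is the same "hash it many times" idea made rigorous (keyed iteration plus a random salt per user); where bcrypt, scrypt or Argon2 are available they resist GPU cracking better still.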
[ ] There is no back button in tree browsing.
[ ] Allow users to have templates repo to be used when creating a new repo.
	Also define global templates.
[ ] GeoIP
[ ] Specify a timeout for push/fetch.
[ ] Describe also the installation.
[ ] Allow search from the first page.
[ ] Send notifications when a user is given rights to a repo.
[ ] Detect hexa strings and link them to commits.
[ ] Any user on a machine can look at repositories.
	Any user can connect to database. Fix also the README after fixing this.
[ ] (Commercially) Provide OpenVPN tunnels to be sure you can push/fetch safely.
[ ] Errors should signal what field is not ok.
[ ] Also log errmsg[] array!
[ ] Add possibility to download the "CV" of a user.
[ ] Happy birthday for projects/users/etc.
[ ] Check if we remove rocketgit, the repos stay!
[ ] Bug rights: add note, anonymous add note, add label, add global search.
[ ] Allow user to specify if is on windows/linux/etc. to be able to give
	specific hints. Hm. The user may have multiple OSs.
[ ] http://rg.embedromix.ro:8000/user/catab/a13/admin/rights?edit_uid=19
	should give an error!
[ ] Pay attention to: https://github.com/sitaramc/gitolite/wiki:
	Please DO NOT send me pull requests via github. Instead, send me an
	email saying what URL and what branch to pull. (The pull system forces
	a --no-ff even if the merge is at the top of my branch and doesn't
	need one. It also gives me no chance to fix up minor typos, add any
	more text to the commit message, etc. I can do that afterward, but
	this forces a "push -f" or a trivial "typofix" commit).
[ ] We should have a 'domain' variable for virtual hosting and use them in
	paths for locks/queues/repos etc.
[ ] Merge requests should use a shorter path? What if a merge request is for
	other branch?
[ ] See diff for merge requests.
[ ] On master, list clones.
[ ] Configuration: switch for SSL only.
[ ] Internal mailing list? Or internal mail?
[ ] We should have a cron/q/remote for every config file!
	Or, at least, to be host aware.
[ ] Install text files in /usr/share/doc
[ ] JUNK1/JUNK2: http://rg.embedromix.ro:8000/user/catab/rocketgit/commit/afd1df2..f919c9b
[ ] rg_log: why the fd is NULL?!
[ ] We are escaping when we insert in database _and_ when we output on screen!
	What should we do?
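The usual answer, as an added example in Python with sqlite3 (not rocketgit code): store the raw text using query placeholders, and escape once, at output time, for the context you are writing into (HTML here, JSON for an API). Escaping on insert as well is what produces visible "&amp;lt;" on screen. The table layout, function names and INJECTION_SAMPLE are constructed for the example.

```python
import html
import json
import sqlite3

# Constructed hostile input: SQL injection attempt plus HTML.
INJECTION_SAMPLE = "O'Neil'); DROP TABLE notes; -- <script>alert(1)</script> & \"q\""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, repo_id INTEGER, body TEXT)")
    return conn


def store_note(conn, repo_id: int, body: str) -> None:
    # Placeholders: the driver passes the value out of band, so the body is
    # stored byte-for-byte and no SQL escaping happens in application code.
    conn.execute("INSERT INTO notes (repo_id, body) VALUES (?, ?)", (repo_id, body))


def load_notes(conn, repo_id: int):
    return [r[0] for r in conn.execute(
        "SELECT body FROM notes WHERE repo_id = ? ORDER BY id", (repo_id,))]


def render_html(body: str) -> str:
    # Escape for the HTML context only here, at output time.
    return "<li>%s</li>" % html.escape(body, quote=True)


def render_json(body: str) -> str:
    # The same raw value, encoded for a different context (API response).
    return json.dumps({"body": body})


def escaped_twice(body: str) -> str:
    # What "escape on insert and again on output" produces: a literal '&lt;' on screen.
    return render_html(html.escape(body, quote=True))


def roundtrip(body: str):
    """Store the body twice (the table must survive the first insert), read it
    back unchanged and render it for two output contexts."""
    conn = open_db()
    store_note(conn, 1, body)
    store_note(conn, 1, body)
    notes = load_notes(conn, 1)
    return notes, render_html(notes[0]), render_json(notes[0])
```

Keeping the database copy raw is also what makes search, diffs and e-mail notifications correct: each consumer encodes for its own output, and none has to guess what a previous layer already did.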
[ ] Add permission to add bug tracker to a project.
[ ] When repo is empty, we should not show the Log/Tree menu.
[ ] @@branch@@ is not defined for merge requests. Should it? Probably yes, to filter them.
[ ] Fix diff output. Cannot deal with renames/removes/etc.
[ ] Check admin creating of an account.
[ ] Add possibility to reject merge requests, to apply, to delete etc.
[ ] Do we need to escape some chars in console (ssh rocketgit@host repo X)?
[ ] We need to switch to a template for the user form to get rid of a lot of
	mumbo-jumbo with the _u array passed!
[ ] Show the API on the webpage, exactly like Blender.
[ ] Migrate to a single function to deal with a request so we can do better
	unit testing.
[ ] We should have a 'policy' table where we have something like:
	ID	max_speed	max_users	max_disk_space
	and every user is associated with such a policy, based on payments etc.
	Example: user X paid some money, and we assign it to level 2
	Level 2 has 4 users, max 100MiB disk space, 1Mbit/s speed.
	He creates a repo and assigns 2 users to it.
[ ] Notifications when disk space is low.
[ ] Check webSSO for authentication.
[ ] Check http://gitlist.org/
[ ] Enforce Signed-off-by lines per project (a new permission)
	= reject commits without signoff!
	Maybe, do it generic, allow a text field to enumerate what should be in a commit!
	Also, present a list with checkboxes: at least Signed-off-by, Reported-by, Acked-by!
[ ] Linus on why GitHub sucks: https://github.com/torvalds/linux/pull/17#issuecomment-5654674
	- Valid name and valid e-mail address
	- Why the destination should pull?
	- A shortlog of the changes (1 line)
	- A proper diffstat
	- changelog should be shown with a monospace font?
	- First line should be <= 50 chars (short log); then an empty line
	- Rest of commit message to be wrap at 72 chars.
	- Use git-request-pull for merge requests?
	- Example of a good pull request: https://groups.google.com/forum/#!topic/linux.kernel/w957vpu3PPU
[ ] We need to have a link to current comment/etc.
[ ] Warn if commit messages are too long (no wrap).
[ ] Allow the possibility to send an e-mail to maintainer from web with a pull request
[ ] Merge requests e-mail: explanation of why to pull, diffstat! Maybe also the
	patch if is small.
[ ] Check git-request-pull
[ ] Logo for project. Blender?
[ ] Default branch per project[/user].
[ ] Main language of the project.
[ ] Web site for a project.

== Normal priority ==
[ ] Add hint about "ssh rocketgit@server" to quickly find status etc.
[ ] rg_redirect does not record profiling information!
[ ] git bundle
[ ] How to sign merge requests?!
[ ] Store in a cookie the last uid used, and if > 0, look-up e-mail and pre-fill
	forgot password e-mail field. Not good. An attacker may iterate over all
	uids. But, with a token will be nice!
[ ] Yeah BitBucket's pricing is much better they only charge on the number of collaborators.
[ ] Permit "log" to see more rows.
[ ] Make an option to not allow a client to upload keys. Why?
	To restrict this to admin?
[ ] Can we bypass ssh auth to allow pushes?
	This way maybe we can identify client by fingerprint.
[ ] Use rg_git_diff_tree to test for path based restrictions. Also, take care of renames, copies etc.
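An added example (not rocketgit's rg_git_diff_tree) of checking a push against path globs using the output of `git diff-tree --raw -r -M -C`: a rename needs write access to both the source (it is deleted) and the destination (it is created), a copy only to the destination. SAMPLE is constructed output; the function names and the glob-list rule format are assumptions.

```python
import fnmatch
import re

# One line of `git diff-tree --raw -r -M -C <old> <new>`:
#   :<old mode> <new mode> <old sha> <new sha> <status>[score]<TAB><path>[<TAB><path2>]
RAW_RE = re.compile(r"^:([0-7]{6}) ([0-7]{6}) ([0-9a-f]+) ([0-9a-f]+) ([ACDMRTUX])(\d{0,3})$")

# Constructed sample output (abbreviated hashes). Git quotes paths with odd
# characters unless you pass -z (NUL separators), which a production parser should use.
SAMPLE = """\
:100644 100644 1111111 2222222 M\tsrc/main.c
:000000 100644 0000000 3333333 A\tdocs/new.txt
:100644 100644 4444444 4444444 R100\tsrc/old.c\tsecure/new.c
:100644 100644 1111111 1111111 C100\tsrc/main.c\tdocs/copy.c
:100644 000000 5555555 0000000 D\tsecure/keys.txt
"""


def parse_diff_tree_raw(output: str):
    """Yield (status, paths): one path for A/D/M/T, two (source, destination) for R/C."""
    for line in output.splitlines():
        if not line:
            continue
        meta, *paths = line.split("\t")
        m = RAW_RE.match(meta)
        if not m:
            raise ValueError("unparseable diff-tree line: %r" % line)
        status = m.group(5)
        expected = 2 if status in "RC" else 1
        if len(paths) != expected:
            raise ValueError("wrong number of paths in: %r" % line)
        yield status, tuple(paths)


def paths_written(status, paths):
    """Every path the change modifies, as the ACL must see it.

    A rename is a delete of the source plus a create of the destination, so
    both need write access. A copy leaves the source untouched, so only the
    destination does.
    """
    if status == "R":
        return list(paths)
    if status == "C":
        return [paths[1]]
    return [paths[0]]


def allowed(path, writable_globs):
    return any(fnmatch.fnmatchcase(path, g) for g in writable_globs)


def denied_paths(output, writable_globs):
    """Return [(status, path)] the pusher may not touch; an empty list means accept."""
    denied = []
    for status, paths in parse_diff_tree_raw(output):
        for p in paths_written(status, paths):
            if not allowed(p, writable_globs):
                denied.append((status, p))
    return denied
```

Run this from the update hook for each ref, comparing the old and new tips; without -M/-C a rename appears as a D plus an A and is judged the same way, so detection is a convenience for the error message, not a correctness requirement.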
[ ] See Gerrit: https://codereview.qt-project.org/#change,22764
[ ] user-conf: option: auto-create-repo-on-push
[ ] Use git push to do all kind of commands: create repo, delete repo, update description etc.
[ ] Optionally init a repo with some files (README, TODO etc.)
[ ] Check https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html
[ ] Add RocketGit to https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html
[ ] Add a dependency on sendmail.
[ ] Improve e-mails to not be considered spam.
[ ] Statistics (number, tool etc.) for project access.
[ ] For bug-tracker use BerliOS as a starting point.
[ ] Allow (anonymous) editing files on web and transform them in merge request.
	How to bundle multiple edits in a single commit?
[ ] On the first page no search form! It is useless!
[ ] Add stats for a repo. Some stuff is already in git.inc.php.
[ ] Anti-spam: hide e-mail addresses!
[ ] Check if a merge request was integrated (hm; what does "integrated" mean?!) and
	signal this in the merge requests list?
[ ] Add rg_branch_allow_chars and rg_tags_allow_chars.
[ ] repo/tag|branch/<name> page should put next to the commit also the tag/branch.
[ ] Order tags by mtime desc.
[ ] rg_repos should be split in rg_repos and rg_var_lib.
[ ] $blocks = explode("@@left@@-=ROCKETGIT=-@@left@@", $a) - seems that \0 is replaced!
[ ] Check XSRF attacks and other types.
[ ] Validate e-mails.
[ ] Take care of PHP's time limit to not interfere with the rest.
[ ] Differentiate between owner of a repository, currently logged in user and admin.
[ ] Warn before deleting a repo!
[ ] Switch all menus to templates.
[ ] Check double slashes in URLs.
[ ] Automatically create user on anonymous push?
[ ] I am not sure I can reload xinetd and httpd from spec file
[ ] Check SELinux context on /var/lib/rocketgit
[ ] admin: "Lock all accounts" and "Reset password for all accounts and send mail".
[ ] Get memory statistics from /proc.
[ ] Add support for refs/notes/ pushes.
[ ] When logging _SERVER variables, log only the ones prefixed by ROCKETGIT_.
[ ] Ask password when doing any critical change of the account and send mail.
[ ] Add a possibility (link shown in push message) to delete/update/etc. the
	merge request.
[ ] Allow a nonstandard port for web.
[ ] Put form error messages next to the label.
[ ] favicon.ico is not in theme! Should we put it in HTML?
[ ] Create unit testing for all functions.
[ ] Test error code for rg_sql_query.
[ ] Log $ret['errmsg'] for rg_exec
[ ] Audit code to replace parts with rg_internal_error.
[ ] Allow SSH keys per repository (only)?
[ ] Allow remote 'gc' of a repo, besides an automatic one.
[ ] Take care of caching of passwords. Maybe allow a purge of a file from browser?
[ ] "Lock" button to temporary block access to repository.
	Only owner will have access.
	We may add also a text that will be output to clients.
[ ] List changes introduced by a merge: git diff-tree --always [--cc] -m -p f7d5b5770f4c6b5a124dad6358bed310d56bf909
[ ] Check pack-protocol.txt!
[ ] When push is executed with success, show a nice message from RocketGit.
[ ] Move is_private member in repo array, not test for empty on default rights
[ ] Move default rights to rights table - I do not remember why.
	Maybe for consistency.
	Ah, yes, also to be able to set rights per branches and per files.
[ ] Log files may be written per repo and per user, with locking...
[ ] Push may be always allowed - but will be done as a merge request! Cool.
	Disk space accounting?
[ ] We should make a repo dirty only if user pushed something with success.
[ ] <link rel="icon" type="image/png" id="favicon" href="%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjA
JyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
[ ] Allow to recover a deleted repository.
[ ] Deny access in all functions to deleted repositories.
[ ] Count the numbers of clones/pushes/pulls.
[ ] Allow to configure the limit of the patch size to prevent abuses.
[ ] Allow to configure to refuse binary files.
[ ] E-mail aliases section.
[ ] User details section (blog, avatar, mail notifications).
[ ] UTF-8 checks of patches.
[ ] W3C validation on all pages.
[ ] Validate user and repo names. Probably other things.
[ ] What happens if a user is suspended? Do we allow forgot pass sending?
[ ] Do not allow session updates/any command if user is suspended after his/her login.
[ ] Timeout for connections (ssh/git-daemon/etc.)!
[ ] Check if we have to respect 4HEXA also on SSH. I think not.
[ ] Limit the number of simultaneous connections per repo and per user.
	Maybe also the time!
[ ] Allow multiple virtual hosts, with different configurations.
[ ] session_time should be set at login time? And/or default s_t should be set from database?
[ ] Do not let user upload an already uploaded key.
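An added example (not rocketgit code) for this item and for the earlier "Do not allow double ssh keys in database" item: parse a pasted public key line, check that the declared type matches the type embedded in the blob, and deduplicate on the key's SHA256 fingerprint so the same key with a different comment is refused. The ed25519 test key is constructed from 32 fixed bytes; KeyStore, parse_pubkey and the other names are assumptions.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_line(raw32: bytes, comment: str) -> str:
    """Constructed test data: wrap 32 arbitrary bytes as an ssh-ed25519 public key
    line with the real wire layout, so the parser below treats it like one."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def parse_pubkey(line: str):
    """Parse 'type base64 [comment]' as pasted by a user. Returns (type, blob)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype = parts[0]
    blob = base64.b64decode(parts[1], validate=True)   # raises ValueError on junk
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    n = struct.unpack(">I", blob[:4])[0]
    # The blob starts with its own type string; it must match the declared type,
    # otherwise sshd would ignore the line and we would have stored a dead key.
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("declared type %s does not match key blob" % keytype)
    return keytype, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of the key material only: the comment
    and whitespace differences do not change it."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


class KeyStore:
    """Stand-in for the keys table, unique on fingerprint."""
    def __init__(self):
        self.owner_by_fp = {}

    def add(self, uid: int, line: str) -> str:
        _, blob = parse_pubkey(line)
        fp = fingerprint(blob)
        if fp in self.owner_by_fp:
            raise ValueError("key %s already registered for uid %d" % (fp, self.owner_by_fp[fp]))
        self.owner_by_fp[fp] = uid
        return fp
```

Keying uniqueness on the fingerprint rather than the pasted text is what matters: authorized_keys is matched first-hit, so two rows with the same key material and different comments or options would silently give the first row's restrictions to whoever holds the key.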
[ ] Do not permit more than X auth attempts per second.
[ ] See prepare-commit-msg.sample - we can auto add a line to every commit.
[ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates from clients that did not pull first (a la SVN)
[ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place?
[ ] Limit number of commits per push.
[ ] RSS
[ ] Config file must be able to be set from a env var, to be able to run
	multiple instances of rocketgit on the same server.
[ ] Smart HTTP transport
[ ] Move forget pass token into users table.
[ ] Audit all error messages to not propagate useful info to an attacker.
	Split in two error messages: one for logs and one for user.
[ ] git-daemon connection - cannot get IP info? setenv?
[ ] Do not show sub-menus if user is not logged in on repopage (ialbeascu)
	- duplicate menus?! maybe add an admin link in repopage that goes
	to repo.
[ ] Nice graphic (unrelated to git): http://tctechcrunch2011.files.wordpress.com/2011/07/hadoop2.png?w=640
[ ] git-notes may be used to attach messages to commits. Nice.
[ ] Store also the size of the patch along history/commit info.
[ ] Check SELinux MLS
[ ] Deal with empty repositories (rg_git_ls_tree etc.).
[ ] Show age of an user/org/repo. Example: 1 year, 3 months, 4 days.
[ ] The rewrite engine should pass a single op for user and for org, but with
	para org=0 or 1.
	This is to have the same page for both types of users.
[ ] From: http://lwn.net/Articles/460376/
	I can confirm that shortcomings with Gitorious' ACL systems were
	definitely one of the reasons we ended up deciding against it --
	it's just not fine-grained enough and made it impossible to achieve
	the balance of project maintainer / repo manager autonomy and
	fool-proofness we wanted. gitolite makes us super-happy in that regard
	now, though.
	We use a Gitorious instance where I work. One thing that seems
	impossible to do is have custom hooks. Everything must go through
	Gitorious' global hooks. If there's a way around this (new version,
	black magic, whatever), I'd love to hear it.
[ ] Allow git over TLS on a specific port (gits://...).
[ ] KDE: http://news.ycombinator.com/item?id=2972107
[ ] To investigate how gitolite is dealing with pushes without custom daemon.
[ ] Record in notes who pushed a commit first, for trace reasons?
[ ] Add support for hooks/pre-receive-signature
[ ] Work flows: Allow user to edit work-flows. For example:
	- A merge request that is approved in a MR queue will make it
	automatically to the specified queues.
[ ] At push time we may generate some nice informative output (commits,
	last time when current user commited etc.)
[ ] Bulk add users/teams/repos/bugs/etc.

== Low priority ==
[ ] If a user has no push access and creates merge request, but the owner pushed
	nothing, ssh cloning gives errors about HEAD not found.


== Graphics ==
[ ] http://static.phpcloud.com/images/banner/phpcloudcom-spaceship-banner-970x404px.jpg

== Versus ==
* http://www.wikivs.com/wiki/GitHub_vs_Gitorious
* http://unfuddle.com/about/tour/plans
* bitbucket.org


== To recheck ==
* http://techbase.kde.org/Projects/MovetoGit#Post_Update_hooks

