From: Jonathan Leonard <johanatan@gmail.com>
To: Jens Lehmann <Jens.Lehmann@web.de>
Cc: git@vger.kernel.org, John Albietz <inthecloud247@gmail.com>
Subject: Re: .gitmodules containing SSH clone URLs should fall back to HTTPS when SSH key is not valid/existent
Date: Thu, 29 May 2014 16:12:38 -0700 [thread overview]
Message-ID: <CA+OJ3utofb+od5uct4HF1yoQGfWgX7YTn4hPChDpC7LTFVJDYQ@mail.gmail.com> (raw)
In-Reply-To: <53871B8D.40608@web.de>
> But you do not give much information about your special use
> case. I assume you have submodule repositories for which some
> developers have a valid ssh key and others don't (maybe
> because they should only have read access via https)?
>
Precisely. Specifically this is for a collection (17 or more) of
GitHub-hosted projects which are maintained by only a couple of people
(who have the ability to directly push via git:// or ssh://).
Everyone else (including deployments and ordinary users) who clones
the repo should be able to just grab the code via HTTPS and have it
work.
> If that is the case you might want to look into access control
> tools like gitolite.
>
We are using GitHub.
>> Lack of this feature (or presence
>> of this bug [depending on your perspective]) is a major PITA.
>
> But why is https special? Why not fall back to the git
> protocol? Or http? (And no: I'm not serious here ;-)
>
HTTPS isn't special except in that it is the least privileged
transport type (and thus should be the last resort). Whether to
fallback to git:// from ssh:// or vice versa is inconsequential to
this request.
> After the first failed clone of the submodule at via SSH the
> developer could also just do a
>
> git config submodule.<name>.url https://host/repo
>
> and override the URL from .gitmodules.
>
Yes, this would work. But it would be a painful manual step which we
would not want to force on ordinary users (and would not want to
experience ourselves either).
It should be noted that this is only really a problem as the other
options GitHub gives us are also equally (or more) painful:
a) - a unique deploy key per machine and project. (which at current
would be 17 * 3 keys all manually maintained via clicking through a
GUI [unless we wanted to automate via GitHub API (which is also a
non-trivial amount of work)]).
- or -
b) - a fake 'team' with read-only access with a single fake GitHub
account as member thereof.
I imagine this feature would be convenient for non-GitHub scenarios as
well though.
--Jonathan
next prev parent reply other threads:[~2014-05-29 23:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-29 2:07 .gitmodules containing SSH clone URLs should fall back to HTTPS when SSH key is not valid/existent Jonathan Leonard
2014-05-29 11:35 ` Jens Lehmann
2014-05-29 18:49 ` Junio C Hamano
2014-05-29 23:12 ` Jonathan Leonard [this message]
2014-05-29 23:56 ` Jeff King
2014-05-30 4:51 ` Chris Packham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+OJ3utofb+od5uct4HF1yoQGfWgX7YTn4hPChDpC7LTFVJDYQ@mail.gmail.com \
--to=johanatan@gmail.com \
--cc=Jens.Lehmann@web.de \
--cc=git@vger.kernel.org \
--cc=inthecloud247@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).