openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #22441
Re: Gerrit Review + SSH
Thank you all for the reply and I agree on thoughts that we don't have to
change we operate in openstack development. But yes, this particular
requirement MUST be highlighted on the contribution page such that people
can take notice of it.
On Fri, Apr 5, 2013 at 5:07 AM, Sean Dague <sean@xxxxxxxxx> wrote:
> On 04/04/2013 05:31 PM, Jeremy Stanley wrote:
>
>> On 2013-04-04 22:11:10 +0100 (+0100), Daniel P. Berrange wrote:
>> [...]
>>
>>> I don't know how hard it would be for OpenStack Infrastructure team
>>> to officially make Gerrit available via port 443, in addition to the
>>> normal SSH port.
>>>
>>
>> We'd need to use different hostnames mapped to different IP
>> addresses since 443/tcp is already in use on review.openstack.org
>> for, well, HTTPS (the availability of fancy proxies which can
>> differentiate SSH from SSL/TLS notwithstanding--do those exist?).
>>
>> The bigger question is whether it's worth the effort to maintain a
>> workaround like that... are there companies who want their employees
>> contributing to OpenStack development but won't grant those same
>> developers access to our code review system over the Internet? If
>> so, maybe some brave soul will take pity on them and set up a TCP
>> bounce proxy somewhere on port 443 to forward to port 29418 on our
>> Gerrit server for Git+SSH access on an alternate address and port. I
>> don't think that would need any sort of buy-off from our
>> Infrastructure Team (we can discuss if someone's actually interested
>> in setting it up), but probably wouldn't be "official" all the same.
>>
>
> I'm with Jeremy, I think putting work arrounds into infrastructure to deal
> with companies setting up their networks in completely uncollaborative
> ways, is just a slipperly slope to craziness.
>
> It's probably worth documenting the services one needs to be able to
> effectively collaborate with the community on a wiki, to give folks
> something to take back to their IT depts and say "punch these holes,
> otherwise we can't do our jobs". A page on openstack.org about that would
> probably give them more leverage than figuring it out themselves.
>
> -Sean
>
> --
> Sean Dague
> http://dague.net
>
>
> ______________________________**_________________
> Mailing list: https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
> More help : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>
References