Open up account registrations to the public
This issue tracks requirements for what we need in order to feel confident to open Keycloak (and therefore GitLab) up to the public.
- User registration security audit
- Sensible password restrictions
- Recaptcha for user registration (#35 (closed))
- Login flow audit
- GitLab security audit
- Keycloak monitoring (#23)
- GitLab monitoring (#14)
- Review secure Gitlab runner (#74 (closed))
- GitLab secure runner for our own projects with proper restrictions (#32 (closed))
- Audit security of public runners (#8 (closed))
- Add github.com as identity provider (#2 (closed))
- Add gitlab.com as identity provider (#40 (closed))
- Allow incoming mail on GitLab (#3 (closed))
- Enable Keycloak event logging (#68 (closed))
- Finish Arch theme of Keycloak (!28 (merged))
- Research fine grade permissions for externals (#9 (closed))
- Fix GitLab backups (#118 (closed))
- Validate GitLab backups
- Validate Keycloak backups
Activity
- Sven-Hendrik Haase added statusin-progress label
- Sven-Hendrik Haase added to epic &2
- Sven-Hendrik Haase changed the description
- Sven-Hendrik Haase mentioned in merge request !15 (merged)
- Sven-Hendrik Haase marked the checklist item Allow incoming mail on GitLab (#3 (closed)) as completed
- Sven-Hendrik Haase marked the checklist item Add github.com as identity provider (#2 (closed)) as completed
- Sven-Hendrik Haase marked this issue as related to #3 (closed)
- Sven-Hendrik Haase marked this issue as related to #40 (closed)
- Sven-Hendrik Haase marked this issue as related to #2 (closed)
- Sven-Hendrik Haase marked this issue as related to #8 (closed)
- Sven-Hendrik Haase marked this issue as related to #32 (closed)
- Sven-Hendrik Haase marked this issue as related to #14
- Sven-Hendrik Haase marked this issue as related to #23
- Sven-Hendrik Haase marked this issue as related to #35 (closed)
- Levente Polyak marked the checklist item User registration security audit as completed
- Levente Polyak marked the checklist item Login flow audit as completed
- Sven-Hendrik Haase changed the description
- Sven-Hendrik Haase marked this issue as related to #68 (closed)
- Sven-Hendrik Haase marked the checklist item Enable Keycloak event logging (#68 (closed)) as completed
- Sven-Hendrik Haase marked the checklist item Audit security of public runners (#8 (closed)) as completed
- Sven-Hendrik Haase marked this issue as related to #69
- Sven-Hendrik Haase marked the checklist item GitLab security audit as completed
- Sven-Hendrik Haase marked the checklist item GitLab secure runner for our own projects with proper restrictions (#32 (closed)) as completed
- Sven-Hendrik Haase changed the description
- Jelle van der Waa changed the description
- Developer
A concern was raised that users could create private repositories and use our GitLab as a GitHub service. Should we disable private repositories?
- Contributor
Also, users shouldn't be able to create a lot of repositories by default. 2 or 3 should be enough, they can always request more. Basically we only want them to fork stuff they want to support.
- Author Developer
I haven't found a way to restrict number of repos per user by default. Any hints?
- Contributor
Private repos can be disabled here in "Visibility and access controls": https://gitlab.archlinux.org/admin/application_settings/general
On the same page is a setting for "Account and limit - Default projects limit". Is that global or per user?
EDIT: @svenstaro yes, that limit is the per-user default. I set it to 42 and created a new user who then had 42 as the limit (which I could increase as needed).
Edited by hashworks
- Author Developer
Ok makes sense. I set it to 50 and restricted Private and Internal repos.
- Developer
What about #79?
- Sven-Hendrik Haase changed the description
- Sven-Hendrik Haase marked the checklist item Review secure Gitlab monitor (#74 (closed)) as completed
- Sven-Hendrik Haase marked the checklist item Review secure Gitlab monitor (#74 (closed)) as incomplete
- Sven-Hendrik Haase marked the checklist item Finish Arch theme of Keycloak (!28 (merged)) as completed
- Jelle van der Waa changed the description
- Sven-Hendrik Haase changed the description
- Sven-Hendrik Haase mentioned in issue #130
- Levente Polyak changed the description
- Jakub Klinkovský mentioned in issue #142 (closed)
- Sven-Hendrik Haase marked the checklist item Keycloak monitoring (#23) as completed
- Sven-Hendrik Haase marked the checklist item Research fine grade permissions for externals (#9 (closed)) as completed
- Sven-Hendrik Haase changed the description
- Sven-Hendrik Haase marked the checklist item Fix GitLab backups (#118 (closed)) as completed
- Sven-Hendrik Haase marked the checklist item Review secure Gitlab runner (#74 (closed)) as completed
- Sven-Hendrik Haase marked the checklist item Validate Keycloak backups as completed
- Sven-Hendrik Haase marked the checklist item Validate GitLab backups as completed
- Author Developer
As part of !114 (merged) the backups were checked and restored from.
- Author Developer
Status: Waiting on terms of service documents to be validated by a lawyer.
- Kristian Klausen marked this issue as related to #130
- Kristian Klausen mentioned in commit 10aa967e
- Kristian Klausen closed with merge request !15 (merged)