On Sat, Jul 02, 2016 at 04:18:42PM +0200, Bastien Guerry wrote: > Hi Nicolas, > > Nicolas Goaziou <m...@nicolasgoaziou.fr> writes: > > > GPG signing tags is OK, but I wouldn't like to request every commit to > > be signed. > > Agreed. > > >>> I know that https can be a bit tedious to setup so I am not asking for it > >>> (though I do think it would be great if it was enabled on the site in some > >>> fashion). > >> > >> HTTPS is not so tedious these days with Let's Encrypt. > >> > >> https://letsencrypt.org/ > >> > >> We should set up HTTPS as well. > > > I'm considering paying for a digitalocean instance, with https via > letsencrypt for both the website and git. > > I'm also considering switching from our current git setup to using > Gogs (https://gogs.io): this would ease the process of adding new > contributors, welcoming more org repositories, etc. > > The other solution would simply to use https://savannah.gnu.org. > > One remaining problem for both gogs and savannah is to ensure web > references to commits are correctly redirected, which I think is > one line of nginx configuration. > > I'm curious to know what people think about the switch to something > like gogs*. > > Thanks, > > * gitlab seems too heavy, and I'm more experienced in maintaining > gogs instances than gitlab instances. > > -- > Bastien > Not heard of Gogs before, although it looks nice. Another possiblity would be gitolite with cgit. Gitolite is very flexible and as a consequence can be hard to set up initially. The documentation is very comprehensive. It supports mirroring of repos.
-- Best wishes, Ian.
