:: Re: [DNG] My own public git?
Author: Arnt Karlsen
Date:  
To: dng
Subject: Re: [DNG] My own public git?
On Mon, 4 Jun 2018 15:34:48 -0400, Steve wrote in message
<20180604153448.5a9ec914@???>:

> Hi all,
>
> Timing is everything. I was about to put my Stylz project on GitHub.
> No more.
>
> GitLab's a maybe, but unexpected bad stuff happens in Open Source too:
> systemd, Caldera going to the dark side, etc.
>
> My understanding, from reading man pages of a very few git commands,
> is that git comes with a server to serve out read-only access to my
> repository. And for those few with push/commit/branch rights, I can
> give them ssh logins, key access only.
>
> 1) Can I put the preceding in a sandbox from which limited harm can be
>    done?

>
> 2) Can I enforce that those keys must have passwords? Passwords of a
>    certain length and quality?


..you _can_ chk for empty strings, e.g.:
arnt@d44:~/skatten$ echo "" |md5sum
68b329da9893e34099c7d8ad5cb9c940 -
arnt@d44:~/skatten$ echo |md5sum
68b329da9893e34099c7d8ad5cb9c940 -
arnt@d44:~/skatten$ echo|md5sum
68b329da9893e34099c7d8ad5cb9c940 -

..maybe a 2 step login, first to "ssh-guest", then on to "git-guest"?
(Never tried it myself)

> 3) What security precautions must I take if this is on my daily driver
>    desktop?


..this is a no-brainer: Put it on its own disk in its own box.
Even if you can afford losing your own daily driver desktop,
you can _not_ afford to lose other people's work.
_That_ will piss them off, _hard_.


--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.