AWS 推出 Git Hook,阻擋 AWS 的 Key 被傳到 Git 上...

AWS 推出的工具,可以阻擋 AWS 的 Key 被傳到 Git 上:「awslabs/git-secrets」。可以看到說明:

git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. If a commit, commit message, or any commit in a --no-ff merge history matches one of your configured prohibited regular expression patterns, then the commit is rejected.


AWS 的 CodeDeploy、CodeCommit、CodePipeline

這次 re:Invent 的另外一個重大發表:「New AWS Tools for Code Management and Deployment」。

講的簡略一點,AWS CodeDeploy 是處理程式的 deployment,CodeCommit 是 Git hosting,CodePipeline 是 hook。

不過目前只有 CodeDeploy 可以用,其他兩個還沒好:

CodeDeploy is launching today and you can start using it now. Please stay tuned for more information on CodeCommit and CodePipeline!

以往是自己兜這些方案出來,現在是 AWS 直接包好提供...

把 Git commit 切開

在「Split a commit in two with Git」這邊看到有趣的方法:

git rebase -i <oldsha1>
# mark the expected commit as `edit` (replace pick in front of the line), save a close
git reset HEAD^
git add ...
git commit -m "First part"
git add ...
git commit -m "Second part"
git rebase --continue

squash 是把多個 commit 合起來,這個方法是拆開。還沒有 push 出去,需要整理時應該會用到...

PostgreSQL 對 security update 的極端作法...

Hacker News 文摘上看到,PostgreSQL 決定對這次的 security update 採取最極端的作法:「Extra security measures for next week's releases」。

包括全面管制 Git repository 公開資訊:官方的 Git repository 將會在正式釋出修正前限制只有 committer 可以存取,並且暫停 GitHub 以及其他 git mirror 權限。

另外 mailing list 也受到管制,包括了 src commit log 以及 document commit log。

信件開頭就提到這次安全性漏洞足以說服 PostgreSQL 的人採取最極端的作法,避免在有修正方案前造成漏洞洩漏出來被使用:

The core committee has decided that one of the security issues due to be fixed next week is sufficiently bad that we need to take extra measures to prevent it from becoming public before packages containing the fix are available. (This is a scenario we've discussed before, but never had to actually implement.)

不過這反而讓人更關注,甚至上了 Hacker News 熱門榜...