[Development] Contributing to the Qt Project behind a hefty firewall and proxy server

mark.keir at nokia.com mark.keir at nokia.com
Mon Jul 16 08:47:51 CEST 2012 

Is the use of corkscrew and or socat something that should be made more widely known?
http://sitaramc.github.com/tips/git-over-proxy.html
http://omappedia.org/wiki/Gerrit
It is possible to use this method with direct outbound port 80 and 443 connections or proxied connections using squid (3128), port 8080 proxies etc.  Just make the required substitutions for the host and port numbers for your internal network structure.
BR
Mark

-----Original Message-----
From: development-bounces+mark.keir=nokia.com at qt-project.org [mailto:development-bounces+mark.keir=nokia.com at qt-project.org] On Behalf Of ext Laszlo Papp
Sent: Saturday, July 14, 2012 2:45 AM
To: Thiago Macieira
Cc: development at qt-project.org
Subject: Re: [Development] Contributing to the Qt Project behind a hefty firewall and proxy server

> But let's make sure that we are NOT recommending that people 
> circumvent IT network policies. If the IT infrastructure blocks the 
> traffic, then they must have a reason for it. It can be because:
>
> 1) the block is overly broad and shouldn't be there or
> 2) the block is intentional and the Git/Gerrit/SSH traffic should not 
> be permitted
>
> We simply don't know which it is. The use by that user of the SSH 
> server running on port 443 could lead to a violation of the corporate 
> network security policy. We must make it clear that we are not 
> responsible and that the user must figure that out with their people.
>
> Which leads me to my suggestion: if your firewall blocks the traffic 
> to port 29418, create the IT ticket now and get an approved way of doing Gerrit traffic.
> Follow the company's procedures.

+1

> And the best way to ensure that it gets done is to prove that you 
> cannot work without the solution. Prove it by spending a week idling 
> because you could not do your work. That's also valid for consultants.

I personally believe that, this is not the good practical approach of achieving those goals or getting a good impression at the company, but it depends on the supervisor and management as well, I guess. :-)

> Yes, I have worked for big companies and I still do. In both Nokia and 
> Intel, there are approved ways of accessing those ports that don't 
> involve circumventing the security policy.

The situation is simpler with big companies like Nokia and Intel since they work on open source projects as well, and some of those are hosted publically using Git, SSH, and so forth as you enumerated.
Therefore, it is quite reasonable to have that internal support in place by default. This is unfortunately not the case for many big companies.

Best Regards,
Laszlo Papp
_______________________________________________
Development mailing list
Development at qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

More information about the Development mailing list