Page MenuHomePhabricator

track accounts who did git clone
Closed, WontfixPublic

Description

Is there a way or mechanism to track which account did a git clone of a specific branch or repo for analytic purposes?

Event Timeline

caov297 created this task.Sep 30 2015, 9:30 PM
caov297 updated the task description. (Show Details)
caov297 added a subscriber: caov297.
chad added a comment.Sep 30 2015, 10:47 PM

Off hand, what do you want/need this information for? We have little 'analytics' in Phabricator and likely won't for some time. T1562 covers that in better detail

The main reason for this was to see every month what's the usage of our company's SDK repository that was being downloaded/pull/clone from our partners to help in infrastructure. It also helps us to track which partner accounts that have downloaded to notify if a critical bug or vulnerability that been patch so they can retroactively merge our fix into their codebase. Our "public" repo acts like a simple download portal for partner to get our code that we push to, while actively development is done in a internal GIT environment. So partners would just clone our code and stuff it into their own development environment to be worked on. So having this analytic helps.

epriestley closed this task as Wontfix.Oct 18 2015, 3:17 PM
epriestley claimed this task.
epriestley added a subscriber: epriestley.

We may have some support for this after T1562, but probably will never have sufficiently granular upstream support to solve this particular problem. I don't anticipate ever disclosing who cloned things in a web-accessible way.

If you haven't already, you might consider having your software "phone home" instead -- I think that's a more common solution to this problem, and avoids cases where some code is cloned but not actually put into production, for example, or the version is manually rolled back. Generally, I think the described approach to the problem is unusual and some version of "phone home" is almost always used in cases I'm familiar with -- if it's acceptable, it's more reliable and more flexible (e.g., the UI can potentially show a warning about a security problem instead of requiring you to email the client).

I think you can also indirectly pull this data out of the Phabricator access logs and/or Phabricator SSH logs, although that will be somewhat involved.

It's possible we might keep detailed pull logs after T1562 to support other scenarios (e.g., vanity "how many users cloned this" graphs for open source projects) which you could pull into a view of this data, but that's a long way away (definitely not any time in 2015).