One thing I'll say about GitLab (even if I'm not its biggest fan) their packaging/installation/upgrade is absolutely top-notch.<p>I've never seen anyone do it better and I've definitely never seen anyone do it with anywhere near such a complicated set of interrelated moving parts.
Well, that doesn't sound good at all. Think of all those providers (e.g. DigitalOcean) who offer "one-click" installers for applications like GitLab. Now think about the users who never (or rarely, if they're lucky) update those machines. I wouldn't be surprised if there's a lot of compromised VPSes and such running GitLab later this week.<p>And since one of the big reasons for running your own instance is to protect your private stuff -- things like source code, secrets, credentials, API keys -- it seems to me that this has the potential to be pretty wide-reaching and damaging.<p>So, who here gets to be one of the lucky ones that get to work late Tuesday? :)
Hopefully they backport it to the versions that still have api v3 support. Otherwise the time window for their deprecation of critical functionality and security updates is way too short.