Sunday, 22 February 2009

git fine-grained access control

If we are going to switch from CVS to Git we are going to need to implement the fine-grained access control features we have now. For example:
  • only certain users are allowed to commit to each branch.
  • only certain paths can be committed to on each branch.
  • only certain users are allowed to create tags in the central repository. (I'd like to get rid of this limitation, but it's there now. Perhaps only limit tag names that match a particular set of regular expressions.)
Since all of the software modules are released at similar times it makes sense it keep them all in one repository, and for internal security reasons the repository is probably only going to be accessible via HTTPS. This means that we won't be able to use Gitosis, which currently only works for SSH access.

Junio Hamano and Carl Baldwin have an update-hook-example that describes how to implement an access control hook script, so we will base things on that. Their example assumes that the user has logged in using ssh so they can use username=$(id -u -n) but since we are coming in via the web we'd have to use the REMOTE_USER environment variable instead.

I think it makes sense to use a configuration file that is similar to the Gitosis config file, which people are familiar with. This is just an ini file that can be parsed using Config::IniFiles or something similar to Gitosis::Config, so this shouldn't be difficult.

Something else worth looking at is gerrit, which describes itself as follows:

Gerrit is a web based code review system, facilitating online code reviews for projects using the Git version control system.

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer. This functionality enables a more centralized usage of Git.


  1. Video slots are the commonest sort of slot recreation that you will come across on-line. They may have nice graphics and nearly at all times have minimal of|no much less than} five reels. You may also often find a great assortment of various bonus options and particular rounds.

  2. Machinists at present have the luxurious of deciding which course of would work higher, given the specifics of every part. These technologies embody the host of producing advances which over the previous few decades have made all of best plungers these high-tech gadgets attainable. Say the word “technology,” and most of the people will think Apple, Microsoft, Uber, Facebook – all the companies and merchandise that appear to have essentially the most direct influence on our day-to-day lives as shoppers. On the other hand, CNC can be costlier, require more maintenance than other manufacturing methods and compel corporations to hire a skilled CNC programmer. As computers have become more mainstream, CNC machining has become essential in the manufacturing trade.

  3. Free 메리트카지노 spins are a common form of bonus, the place a sequence of spins are mechanically played at no charge at the player's current wager. Free spins are often triggered via a scatter of minimal of|no less than} three designated symbols . Some games permit the free spins bonus to "retrigger", which provides additional spins on high of those already awarded. There is no theoretical limit to the variety of free spins obtainable.