There was recently some discussion in pkg-javascript about how to give more people access to the VCS (e.g. keeping the git repositories logically organised under the pkg-javascript tree, but making write access available to all DDs + alioth guest users and not just those in the pkg-javascript UNIX group)
I generally agree with the principle of giving more people access, but git access is `all or nothing'. This is not just true for alioth, it is much the same with github hosting and many others. Has anybody had experience controlling access to git repositories, for example, to give users access but prevent some of the following dangerous operations? - prevent users pushing with the `--force' option (from the man page for git-push: "This can cause the remote repository to lose commits; use it with care.") - ensure that users only push commits authored by themselves (email address white list) - prevent some users pushing tags (or only allow tags matching a pattern) Github partially works around this issue by providing a convenient web UI for managing pull requests: so you simply don't give people access to do any commits at all, and you manually review each of their changes, although it only requires a couple of mouse clicks to accept each patch. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/512f25ce.6060...@pocock.com.au
