On 12/19/2009 23:27, Thomas Hartman wrote:
Sure, though it's a little involved.
Patch-Tag uses unix security for securing repos. When several users
share a private repo, they are all on the same linux group, and the
repo has rwxs for that group.
However, darcs also has a global cache for patches (and whatever
objects are under _darcs/hashed.inventory)
These patches are shared across repos using hard links.
So, what happens if you have two repos, with two owners, some hashes
in common? The hardlinked file objects can only belong to one group,
so somebody is not going to be able to access that repo.
One more secure possibility would be separate per-group global caches.
It might take some _darcs/prefs/sources and ~/.darcs/sources munging to
enforce it, and obviously your space utilization won't be as minimal as
possible, but you could continue to use unix groups to enforce
repository security. (Not that I know any exploits against it, but I'm
not a full time sysadmin.)
--
--Max Battcher--
http://worldmaker.net
_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
