On 28 February 2013 09:39, Daniel Pocock <dan...@pocock.com.au> wrote: > > > There was recently some discussion in pkg-javascript about how to give > more people access to the VCS (e.g. keeping the git repositories > logically organised under the pkg-javascript tree, but making write > access available to all DDs + alioth guest users and not just those in > the pkg-javascript UNIX group) > > I generally agree with the principle of giving more people access, but > git access is `all or nothing'. This is not just true for alioth, it is > much the same with github hosting and many others. > > Has anybody had experience controlling access to git repositories, for > example, to give users access but prevent some of the following > dangerous operations? > > - prevent users pushing with the `--force' option > (from the man page for git-push: "This can cause the remote repository > to lose commits; use it with care.") >
Alternatively gerrit and gitolite can limit that. > - ensure that users only push commits authored by themselves (email > address white list) > gerrit does this out of the box as well. But I do limit use in this. If i merge a patch from my friend, why can't I push it into the repository? I'd rather also look for Sign-off-by lines as well. > - prevent some users pushing tags (or only allow tags matching a pattern) > gitolite / gerrit can do that. > Github partially works around this issue by providing a convenient web > UI for managing pull requests: so you simply don't give people access to > do any commits at all, and you manually review each of their changes, > although it only requires a couple of mouse clicks to accept each patch. > Gerrit can provide both web & email interface to merge / review patches. It is used by projects like android and libreoffice to process a high velocity stream of incoming patches. Regards, Dmitrijs. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANBHLUg2PwR9HWZsBuUrcjTae+p7_Vh6vF=bKiDR070B1y=d...@mail.gmail.com