On Sat, Dec 14, 2013 at 6:18 PM, Andy Bradford <amb-fos...@bradfords.org>wrote:
> > 2) what is to prevent the student from doing things as admin on their > > copy of the repo and then committing that back to the server? > > If you use the http mode for fossil, the permissions assigned to the > user account are enforced. So if the student1 account is only setup as a > user that has no Wiki editing, for example, he won't be able to push any > Wiki changes to the server. Sure, he can fire up the UI in his local > clone and edit the Wiki there, but anything he commits will never be > accepted by the source. > > Note that while you can prevent students from modifying "built in" wiki pages, you won't be completely depriving them of the wiki features. They will just have to create pageName.wiki files and edit/commit them the same as their source (and other project) files. Also, I suggest you (and your TA) use gpg (or similar tool) to securely, digitally sign grading and related files. this way, even if unauthorized changes do get into the server side repos, you can easily verify the correct versions. (As long as your private key remains on your personal USB sticks and is never committed to Fossil, the students will not be able to forge your digital signature.)
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
