On Mon, Feb 1, 2010 at 11:35 PM, weu <[email protected]> wrote: > I'm interested in this too as i'd like to setup a private gitorius on > my home server and give access to some people, but i don't want that > they access my other private projects too... > Any news about this? >
Not that I know of, but you are seemingly not alone in wanting this. The reason why we haven't developed this as part of gitorious.org is that gitorious.org really is for F/OSS projects. But I see no reason why gitorious (the application) couldn't be used for such purposes. If such a feature should be merged into the master Gitorious branch, is another question. Gitorious is constantly evolving, and such a feature would need to be maintained actively to keep up with what is deployed on gitorious.org. So a one-off shot would probably suffice for a here-and-now scenario, but this would need to be maintained in the long run too. A few things to be aware of: - Access control: Gitorious already has support for fine grained permissions when users push their changes over SSH. It has users, teams, memberships, committerships, probably all that's required on the model level. The web application, however, only uses a small subset of this: some pages/actions are only accessible for logged in users, others only for certain logged in users etc. For this to be implemented one would have to implement a broader access control on a project/repository basis and other objects related to these. - The git protocol (if this is enabled) has no access control mechanisms. This means that if you run a git daemon, knowledge of the Git URL would be sufficient to gain access to a project, effectively bypassing all the SSH/web access control mechanisms. - HTTP cloning also does not require authentication, and would work similarly Cheers, - Marius -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
