On 2/2/2010 3:43 AM, Marius Mårnes Mathiesen wrote: > Not that I know of, but you are seemingly not alone in wanting this. The > reason why we haven't developed this as part of gitorious.org > <http://gitorious.org> is that gitorious.org <http://gitorious.org> > really is for F/OSS projects. But I see no reason why gitorious (the > application) couldn't be used for such purposes.
I would also really like this ability -- and in fact, since we're using it at work, I'm *trying* to push some people where I work to fund you guys to work on it. No promises whatsoever and don't get your hopes up, but maybe something will work out. > - The git protocol (if this is enabled) has no access control > mechanisms. This means that if you run a git daemon, knowledge of the > Git URL would be sufficient to gain access to a project, effectively > bypassing all the SSH/web access control mechanisms. But you guys have your own git-daemon that is run. Such access control could be coded into this, correct? > - HTTP cloning also does not require authentication, and would work > similarly I haven't used HTTP cloning in gitorious; I would imagine that it shouldn't be hard to turn off (or to filter out the relevant paths in Apache itself, via access control or URL rewriting). --Jeff
signature.asc
Description: OpenPGP digital signature
