https://bugzilla.gnome.org/show_bug.cgi?id=599066 sysadmin | Git | unspecified
--- Comment #29 from Owen Taylor <[email protected]> 2010-11-04 14:22:27 UTC --- (In reply to comment #28) > @Owen: It seems impossible given a user with write access to a repository to > somehow deny them write access if the hook that checks their access is > removed. > > Also, the only people capable of doing that are sysadmin or gitadmin team > members. It seems like a reasonable enough tradeoff. What I was thinking about, rather than a complicated acl scheme was doing a check in run-git-or-special-command ... the syntax of what can be executed by git is pretty limited, and has the directory easily extractable. (See man git-shell) That could actually check that the repository was in the expected location and had the expected hook before allowing the commit to proceed. (That script or what it calls needs fixing anyways .... otherwise the translation user could create repositories -- not the end of the world, but probably not intended.) Since we need to maintain security anyways ... no gnomecvs user is supposed to be able to commit to repositories without the standard email and reflogging hooks .. I don't see this check as mandatory. if it's hard, then we shouldn't bother -- Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the QA contact of the bug. You are watching the assignee of the bug. _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
