
git dangerous operations on alioth

There was recently some discussion in pkg-javascript about how to give
more people access to the VCS (e.g. keeping the git repositories
logically organised under the pkg-javascript tree, but making write
access available to all DDs + alioth guest users and not just those in
the pkg-javascript UNIX group).

I generally agree with the principle of giving more people access, but
git access is `all or nothing'.  This is not just true for alioth, it is
much the same with GitHub hosting and many others.

Has anybody had experience controlling access to git repositories, for
example, to give users access but prevent some of the following
dangerous operations?

- prevent users pushing with the `--force' option
(from the man page for git-push: "This can cause the remote repository
to lose commits; use it with care.")

- ensure that users only push commits authored by themselves (email
address white list)

- prevent some users pushing tags (or only allow tags matching a pattern)

GitHub partially works around this issue by providing a convenient web
UI for managing pull requests: so you simply don't give people access to
do any commits at all, and you manually review each of their changes,
although it only requires a couple of mouse clicks to accept each patch.
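
One way to express the three restrictions listed above, as an added example that is not part of the original message: a server-side `update` hook, which git runs once for each pushed ref and which can refuse it. The whitelist addresses and the `debian/*` tag pattern are constructed placeholders, the function names are hypothetical, and a SHA-1 repository is assumed.

```shell
#!/bin/sh
# Sketch of a server-side "update" hook. git-receive-pack runs it once per ref:
#   update <refname> <old-sha> <new-sha>     (non-zero exit refuses that ref)
# ALLOWED_AUTHORS and TAG_PATTERN are constructed placeholder policy values.
ALLOWED_AUTHORS=${ALLOWED_AUTHORS:-"alice@example.org bob@example.org"}
TAG_PATTERN=${TAG_PATTERN:-"debian/*"}
ZERO=0000000000000000000000000000000000000000   # "no object" (SHA-1 repo)

tag_allowed() {      # tag name must match the shell glob in TAG_PATTERN
    case "$1" in
        $TAG_PATTERN) return 0 ;;
    esac
    return 1
}

author_allowed() {   # exact match against the whitelist, no substrings
    for allowed in $ALLOWED_AUTHORS; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

check_update() (     # subshell body keeps variables local; exit sets the status
    ref=$1 old=$2 new=$3
    case "$ref" in
        refs/tags/*)  # tags may only be created, never moved or deleted
            [ "$old" = "$ZERO" ] && tag_allowed "${ref#refs/tags/}" && exit 0
            echo "rejected: tag policy forbids $ref" >&2; exit 1 ;;
    esac
    if [ "$new" = "$ZERO" ]; then
        echo "rejected: deleting $ref" >&2; exit 1
    fi
    # A forced push replaces history, so the old tip is no longer an ancestor.
    if [ "$old" != "$ZERO" ] && ! git merge-base --is-ancestor "$old" "$new"; then
        echo "rejected: non-fast-forward update of $ref" >&2; exit 1
    fi
    # Check only commits the repository has not seen on any existing ref.
    for email in $(git log --format=%ae "$new" --not --all); do
        author_allowed "$email" || { echo "rejected: author $email" >&2; exit 1; }
    done
    exit 0
)

# Run as a hook only when git supplies the three arguments.
if [ "$#" -eq 3 ]; then
    check_update "$@"; exit $?
fi
```

For the force-push case alone, setting `receive.denyNonFastForwards` to true in the server repository's config has the same effect without a hook. The author address is written by the client, so the whitelist check enforces a convention and does not authenticate the pusher.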
