[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git dangerous operations on alioth

On 28 February 2013 09:39, Daniel Pocock <daniel@pocock.com.au> wrote:
> There was recently some discussion in pkg-javascript about how to give
> more people access to the VCS (e.g. keeping the git repositories
> logically organised under the pkg-javascript tree, but making write
> access available to all DDs + alioth guest users and not just those in
> the pkg-javascript UNIX group)
> I generally agree with the principle of giving more people access, but
> git access is `all or nothing'.  This is not just true for alioth, it is
> much the same with github hosting and many others.
> Has anybody had experience controlling access to git repositories, for
> example, to give users access but prevent some of the following
> dangerous operations?
> - prevent users pushing with the `--force' option
> (from the man page for git-push: "This can cause the remote repository
> to lose commits; use it with care.")

Alternatively gerrit and gitolite can limit that.

> - ensure that users only push commits authored by themselves (email
> address white list)

gerrit does this out of the box as well. But I do limit use in this.
If i merge a patch from my friend, why can't I push it into the
repository? I'd rather also look for Sign-off-by lines as well.

> - prevent some users pushing tags (or only allow tags matching a pattern)

gitolite / gerrit can do that.

> Github partially works around this issue by providing a convenient web
> UI for managing pull requests: so you simply don't give people access to
> do any commits at all, and you manually review each of their changes,
> although it only requires a couple of mouse clicks to accept each patch.

Gerrit can provide both web & email interface to merge / review patches.
It is used by projects like android and libreoffice to process a high
velocity stream of incoming patches.



Reply to: