
Re: git dangerous operations on alioth



On 28 February 2013 09:39, Daniel Pocock <daniel@pocock.com.au> wrote:
>
>
> There was recently some discussion in pkg-javascript about how to give
> more people access to the VCS (e.g. keeping the git repositories
> logically organised under the pkg-javascript tree, but making write
> access available to all DDs + alioth guest users and not just those in
> the pkg-javascript UNIX group)
>
> I generally agree with the principle of giving more people access, but
> git access is `all or nothing'.  This is not just true for alioth, it is
> much the same with github hosting and many others.
>
> Has anybody had experience controlling access to git repositories, for
> example, to give users access but prevent some of the following
> dangerous operations?
>
> - prevent users pushing with the `--force' option
> (from the man page for git-push: "This can cause the remote repository
> to lose commits; use it with care.")
>

Alternatively gerrit and gitolite can limit that.

> - ensure that users only push commits authored by themselves (email
> address white list)
>

gerrit does this out of the box as well. But I do limit use in this.
If I merge a patch from my friend, why can't I push it into the
repository? I'd rather also look for Sign-off-by lines as well.

> - prevent some users pushing tags (or only allow tags matching a pattern)
>

gitolite / gerrit can do that.

> Github partially works around this issue by providing a convenient web
> UI for managing pull requests: so you simply don't give people access to
> do any commits at all, and you manually review each of their changes,
> although it only requires a couple of mouse clicks to accept each patch.
>

Gerrit can provide both web & email interface to merge / review patches.
It is used by projects like android and libreoffice to process a high
velocity stream of incoming patches.

Regards,

Dmitrijs.
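
The three restrictions asked about in the quoted message, sketched as a plain server-side git `update` hook. This is an added example, not part of the thread and not how gerrit or gitolite implement these rules; the tag pattern and e-mail whitelist are constructed values.

```shell
#!/bin/sh
# hooks/update in the bare repository; git runs it once per pushed ref as:
#   update <refname> <old-sha> <new-sha>   (an all-zero sha = ref absent)
# Policy values below are constructed for illustration.
TAG_PATTERN='debian/*'                                # hypothetical tag scheme
ALLOWED_AUTHORS='alice@example.org bob@example.org'   # constructed whitelist

is_zero() { case "$1" in *[!0]*) return 1 ;; *) return 0 ;; esac; }

tag_allowed() {      # $1 = full ref name
    case "$1" in refs/tags/$TAG_PATTERN) return 0 ;; *) return 1 ;; esac
}

author_allowed() {   # $1 = author e-mail as recorded in the commit
    for a in $ALLOWED_AUTHORS; do [ "$a" = "$1" ] && return 0; done
    return 1
}

deny() { echo "denied: $*" >&2; }

check_update() {     # $1 = refname, $2 = old sha, $3 = new sha
    ref=$1 old=$2 new=$3
    case "$ref" in refs/tags/*)
        # Tags may only be created, never moved or deleted, and must match.
        tag_allowed "$ref" || { deny "tag name $ref"; return 1; }
        is_zero "$old"     || { deny "moving or deleting $ref"; return 1; }
        return 0 ;;
    esac
    is_zero "$new" && { deny "deleting $ref"; return 1; }
    if is_zero "$old"; then
        revs="$new --not --all"      # new branch: commits not yet in the repo
    else
        # After push --force the old tip is not an ancestor of the new one.
        git merge-base --is-ancestor "$old" "$new" ||
            { deny "non-fast-forward push to $ref"; return 1; }
        revs="$old..$new"
    fi
    # Fail closed if the list of pushed commits cannot be read.
    emails=$(git log --format=%ae $revs) || return 1
    for e in $emails; do
        author_allowed "$e" || { deny "author $e not in whitelist"; return 1; }
    done
    return 0
}

# Run as a hook only when git supplies the three arguments.
if [ "$#" -eq 3 ]; then check_update "$@" || exit 1; fi
```

The author e-mail is whatever the pushing client wrote into the commit, so the whitelist is a policy check rather than authentication; for the non-fast-forward rule alone, git's `receive.denyNonFastForwards` setting does the same without a hook.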

