On Sat, 27 Jan 2018 15:09:27 +0200, Niko Tyni wrote:
> On Sat, Jan 27, 2018 at 01:00:10PM +0000, Dominic Hargreaves wrote:
> > On Sat, Jan 27, 2018 at 10:27:49AM +0100, Joerg Jaspert wrote:
> > > In a group structure of
> > >
> > > perl-team
> > > modules
> > > interpreter
> > >
> > > anyone who is granted access to perl-team will have the access copied to
> > > any subgroup, ie modules and interpreter. Anyone with access to modules
> > > will have it only there, not in interpreter. And also, anyone with
> > > access in perl-team can have different access in a subgroup, but that
> > > needs to be explicitly set.
> >
> > Sounds like this can definitely work then. I'm fine with this arrangement;
> > it seems the neatest to me.
>
> Yeah, sounds good to me as well!
Thanks for your help, Ganneff, and Dom&Niko for your approval.
There's one detail left where I'm not sure how to handle this
structure- and permissions-wise. Quoting from my first mail in this
thread:
currently we have
+ meta.git
+ website.git
+ scripts.git
+ packages/
lib.*-perl.git
...
+ attic/
lib.*-perl.git
...
+ do we want to keep this structure? probably yes;
So besides a subgroup ("packages" →) "modules" and the new
"interpreter" subgroup we currently also have some more repos and a
directory ("attic"). And we probably want a system where permissions
are separate for "interpreter" on the one hand and everything else on
the other hand.
If we more or less keep the structure as above we could add
members/permissions for "perl-team" but then would have to lower
permissions for interpreter explicitly; or we'd have to add members
for "modules" and "attic" and whatnot separately. Sounds a bit
complicated and error-prone.
Or maybe we throw everything under "modules" except "interpreter":
group perl-team
subgroup interpreter
project perl.git
subgroup modules
subgroup packages
project libfoo-perl.git
project libbar-perl.git
subgroup attic
project libbaz.git
meta.git
website.git
scripts.git
Maybe a bit complicated with many levels but then we can set
permissions as in Ganneff's mail, and after all it's just about paths
which are consumed by scripts ...
I guess I'll set up perl-team later and play around a bit. And maybe
someone has thoughts or ideas before or after that.
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Cat Stevens: Father And Son
Attachment:
signature.asc
Description: Digital Signature