On Sat, 27 Jan 2018 15:09:27 +0200, Niko Tyni wrote: > On Sat, Jan 27, 2018 at 01:00:10PM +0000, Dominic Hargreaves wrote: > > On Sat, Jan 27, 2018 at 10:27:49AM +0100, Joerg Jaspert wrote: > > > In a group structure of > > > > > > perl-team > > > modules > > > interpreter > > > > > > anyone who is granted access to perl-team will have the access copied to > > > any subgroup, ie modules and interpreter. Anyone with access to modules > > > will have it only there, not in interpreter. And also, anyone with > > > access in perl-team can have different access in a subgroup, but that > > > needs to be explicitly set. > > > > Sounds like this can definitely work then. I'm fine with this arrangement; > > it seems the neatest to me. > > Yeah, sounds good to me as well! Thanks for your help, Ganneff, and Dom&Niko for your approval. There's one detail left where I'm not sure how to handle this structure- and permissions-wise. Quoting from my first mail in this thread: currently we have + meta.git + website.git + scripts.git + packages/ lib.*-perl.git ... + attic/ lib.*-perl.git ... + do we want to keep this structure? probably yes; So besides a subgroup ("packages" →) "modules" and the new "interpreter" subgroup we currently also have some more repos and a directory ("attic"). And we probably want a system where permissions are separate for "interpreter" on the one hand and everything else on the other hand. If we more or less keep the structure as above we could add members/permissions for "perl-team" but then would have to lower permissions for interpreter explicitly; or we'd have to add members for "modules" and "attic" and whatnot separately. Sounds a bit complicated and error-prone. Or maybe we throw everything under "modules" except "interpreter": group perl-team subgroup interpreter project perl.git subgroup modules subgroup packages project libfoo-perl.git project libbar-perl.git subgroup attic project libbaz.git meta.git website.git scripts.git Maybe a bit complicated with many levels but then we can set permissions as in Ganneff's mail, and after all it's just about paths which are consumed by scripts ... I guess I'll set up perl-team later and play around a bit. And maybe someone has thoughts or ideas before or after that. Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `- NP: Cat Stevens: Father And Son
Attachment:
signature.asc
Description: Digital Signature