dist-git proof of concept phase 2 ready for testing

Jesse Keating jkeating at redhat.com
Tue Dec 22 02:10:55 UTC 2009

On Sun, 2009-12-20 at 19:31 -0800, Jesse Keating wrote:
> On Sun, 2009-12-20 at 10:28 +0100, Hans Ulrich Niedermann wrote:
> > Currently, it appears that I can push arbitrarily named branches, at
> > least if the package does not have per branch ACLs:
> > 
> Yes, that makes sense given the way the ACL system works, it just wasn't
> fully expected by me.  A small change to the ACL generation script will
> make sure that this sort of loophole is closed.

This has been done.  The way the ACLs now work, if you are a packager,
you can create branches in any package that start with "private-".  This
makes it even easier to pass changes around as you can tell the
maintainer to pull from or merge from a private branch you've created.

Nobody should be able to create any branches that do not start with

If we wanted to lock this down more, and only allow you to commit to a
private- branch only if you already have write access to some other
branch (F-12, master, EL-5, whatever) then I'll have to add more logic
to the ACL generation tool.  But for now, I like the freedom we have.

We'll make sure that the buildsystem will not allow any official
(non-scratch) builds to happen from a private-* branch.

Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091221/87b7fc8a/attachment.sig>

More information about the fedora-devel-list mailing list