dist-git proof of concept phase 2 ready for testing
Jesse Keating
jkeating at redhat.com
Tue Dec 22 02:10:55 UTC 2009
On Sun, 2009-12-20 at 19:31 -0800, Jesse Keating wrote:
> On Sun, 2009-12-20 at 10:28 +0100, Hans Ulrich Niedermann wrote:
> > Currently, it appears that I can push arbitrarily named branches, at
> > least if the package does not have per branch ACLs:
> >
>
> Yes, that makes sense given the way the ACL system works, it just wasn't
> fully expected by me. A small change to the ACL generation script will
> make sure that this sort of loophole is closed.
>
This has been done. The way the ACLs now work, if you are a packager,
you can create branches in any package that start with "private-". This
makes it even easier to pass changes around as you can tell the
maintainer to pull from or merge from a private branch you've created.
Nobody should be able to create any branches that do not start with
"private-".
If we wanted to lock this down more, and only allow you to commit to a
private- branch only if you already have write access to some other
branch (F-12, master, EL-5, whatever) then I'll have to add more logic
to the ACL generation tool. But for now, I like the freedom we have.
We'll make sure that the buildsystem will not allow any official
(non-scratch) builds to happen from a private-* branch.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091221/87b7fc8a/attachment.sig>
More information about the fedora-devel-list
mailing list