Re: Bugs in Gitosis

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Shawn,

On Fri, Oct 29, 2010 at 7:36 AM, Shawn Pearce <spearce@xxxxxxxxxxx> wrote:
> On Oct 28, 2010 5:02 PM, "Sitaram Chamarty" <sitaramc@xxxxxxxxx> wrote:

>> can do. ÂSee
>> http://github.com/sitaramc/gitolite/blob/pu/contrib/gerrit.mkd
>> for a comparision
>
> There are a few inaccuracies in that document that I would like to correct.

well, updates I guess; I did update one part of it based on our IRC
conv, but if there's more I'll put those in too.

> For starters we now support regex patterns in branch access control rules.

ok; will update.

> We also now allow $(username) in a pattern to mean the current user and thus
> permit per-developer branches.

Right; gitolite uses /USER/; it's only a syntax difference but I'll
mention it somewhere.

> We don't allow per-user access rules because in the corporate world its
> usually a bad idea to have only one user with a particular set of
> permissions. What happens when the user leaves the project or is hit by a
> bus? Of course this also applies to most open projects too... :-)

You do the same thing in either case, no?  Take out the old guy's name
from somewhere, put in the new guy's name?

But yeah, I'll amend this to say this is a subjective opinion :-)

> We also allow importing a user's groups from an organization's LDAP server.
> This can be useful when there are thousands of users on a single server and
> the org wants to continue using their existing access controls.

Except in gitolite it's not an import; it's more like "give me a
program that, given a userid, returns a list of groups he belongs to"
and gitolite calls that if it's specified.

> But after that, yes, that document is a good summary of the features that
> both tools offer... and I know many companies really do salivate over the
> branch level read access rules. It is difficult to do for Git, but it also
> can be useful to have everything in a single location.

Probably.  But where that restriction exists, I may have to show the
auditors that the restriction holds, and that's a lot easier to do
when they're in separate repos to begin with.

-- 
Sitaram
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]