On Sunday, May 15, 2011 at 21:24 CEST,
Martin L Resnick <mresnick@xxxxxxx> wrote:
> Is anyone working on adding access control to GIT ?
>
> I'm looking for the Subversion equivalent of mod_authz_svn.
> I need to restrict read access of ITAR documents that are
> scattered throughout the source tree.
> This restriction would need to deny fetch of the ITAR
> documents yet allow fetch of any other files.
>
> Looking through the source code it would seem that
> putting a hook call in the fetch-pack code would do it.
I doubt it would make sense to put per-file permissions in Git
as it doesn't version files but the complete state of a workspace.
Even if you manage to hack the pack code to not include certain
blobs when certain users ask for them, what would those users
do when they want to create new commits based on commits where
blobs are missing? Or would you send the protected blobs but
replace their contents? Then Git would complain about that.
However, both Gerrit Code Review and Gitolite offer per-branch
permissions, so if it would be possible to put these files on
branches of their own these tools would help.
--
Magnus Bäck Opinions are my own and do not necessarily
SW Configuration Manager represent the ones of my employer, etc.
Sony Ericsson
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html