Re: ACLs for GIT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/16/2011 09:22 AM, Martin L Resnick wrote:
> Thanks Mangus.
>
> You pointed out some hurdles I'll have to think about
> (blocked files not matching the SHA and so can't be committed).
>
> As to why I want to do this consider NSA non-export rules.
> Our application would be built with NSA encryption
> but we have foreign nationals working on the code
> and so they are not permitted to see that part.
> The makefiles look to see if the NSA encryption code file
> is there and link it in. If not a stub is used.

We use submodules for this same need here.  If the submodule is loaded,
the code is used from that.  If not, pre-built binaries are used
instead.  These could be stubs.

When we share code with outside partners, we give them access only to
the modules they need.

We further guard the code in the submodule by PGP-encrypting the source
files and storing them in the repository (as binaries).  This practice
lets us be more free with the repository and not worry so much that it
may be cloned well out of our control.  Storing code as shrouded
binaries negates much of git's power, but only for this one submodule. 
Our other submodules are still quite git-friendly.

Phil

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]