On Thu, Jan 04, 2018 at 11:10:17AM +0100, Ævar Arnfjörð Bjarmason wrote: > That's badly explained, sorry, when I say "push" I mean "push and/or > pull". > > I don't know about Github, but on Gitlab when you provision a deploy key > and associate it with a repo it must be *globally* rw or ro, there's no > way to on a per-repo basis say it should be rw ro. > > I have a job that's fetching a bunch of repos to review code in them > (for auditing purposes). It then commits the results of that review to > other git repos. > > Thus I want to have a ro key to all those reviewed repos, but rw keys to > the audit repo itself (and it'll also pull with the rw key). OK, that part makes sense to me. But I'm not sure how your patch solves it. When you "git fetch" on the audit repo, wouldn't your GIT_SSH_RECEIVE_COMMAND kick in and use the wrong key? What am I missing? -Peff
