[Bug 599066] Create a specific check for the gnomeweb user from l10n.gnome.org
- From: "sysadmin" (bugzilla.gnome.org) <bugzilla gnome org>
- To: gnome-infrastructure gnome org
- Subject: [Bug 599066] Create a specific check for the gnomeweb user from l10n.gnome.org
- Date: Thu, 4 Nov 2010 14:22:34 +0000 (UTC)
https://bugzilla.gnome.org/show_bug.cgi?id=599066
sysadmin | Git | unspecified
--- Comment #29 from Owen Taylor <otaylor redhat com> 2010-11-04 14:22:27 UTC ---
(In reply to comment #28)
> @Owen: It seems impossible given a user with write access to a repository to
> somehow deny them write access if the hook that checks their access is removed.
>
> Also, the only people capable of doing that are sysadmin or gitadmin team
> members. It seems like a reasonable enough tradeoff.
What I was thinking about, rather than a complicated acl scheme was doing a
check in run-git-or-special-command ... the syntax of what can be executed by
git is pretty limited, and has the directory easily extractable. (See man
git-shell) That could actually check that the repository was in the expected
location and had the expected hook before allowing the commit to proceed.
(That script or what it calls needs fixing anyways .... otherwise the
translation user could create repositories -- not the end of the world, but
probably not intended.)
Since we need to maintain security anyways ... no gnomecvs user is supposed to
be
able to commit to repositories without the standard email and reflogging hooks
.. I don't see this check as mandatory. if it's hard, then we shouldn't bother
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
