On Sat, 19 Dec 2009 10:56:57 -0800
Jesse Keating <jkeating(a)redhat.com> wrote:
> We definitely want to allow topic branches pushed to the main repo. I
> think we'll have to agree on a namespace to use for these, perhaps
> following the dist-cvs example and call them private-*
private/* would have the advantage of allowing easier branch name
wildcards in git ("git push origin 'private/*'").
OTOH, branch or tag names with slashes in them have the potential
to confuse tools and people.
> The way the ACL system works is that it matches on the refs you're
> pushing up, so for packages that have per-branch ACLs only the refs
> that match the branch have ACLs on them, and the assumption is that
> without an ACL you have no rights to it. That's likely why your push
> failed, but I'd like to see the message to confirm. It shouldn't be
> too hard to tweak the ACL creation script to add W access to anybody
> who has W access already to the private-* namespace.
Currently, it appears that I can push arbitrarily named branches, at
least if the package does not have per branch ACLs:
$ git push origin moo private/moo private-moo
Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 759 bytes, done.
Total 9 (delta 8), reused 0 (delta 0)
To ssh://ndim@pkgs.stg.fedoraproject.org/cstream
* [new branch] moo -> moo
* [new branch] private/moo -> private/moo
* [new branch] private-moo -> private-moo
$
And the same happens with (non-signed, non-annotated) tags:
$ git push origin meh private/meh private-meh
Total 0 (delta 0), reused 0 (delta 0)
To ssh://ndim@pkgs.stg.fedoraproject.org/cstream
* [new tag] meh -> meh
* [new tag] private/meh -> private/meh
* [new tag] private-meh -> private-meh
$
I guess even without per branch ACLs, the ACL system should take a look
at what I am actually pushing and verify its tag/branch names match some
kind of wildcard whitelist. For tags, it might also check their type
(annotated, signed).
--
Hans Ulrich Niedermann
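An added example, not code from this thread or from the Fedora pkgs ACL setup: a hypothetical git "update" hook that does what the last message asks for, checking each pushed ref name against a wildcard whitelist (assumed here to be just private/* branches and tags) and refusing lightweight tags, with signed tags optionally required.

```shell
#!/bin/sh
# Hypothetical git "update" hook, run once per pushed ref as
#   update <refname> <old-sha> <new-sha>; a non-zero exit rejects that ref.
ZERO=0000000000000000000000000000000000000000
# Wildcard whitelist of ref names any pusher may create.  Matching in a
# case statement avoids globbing against the loose ref files in $GIT_DIR.
ref_allowed() {
    case $1 in
        refs/heads/private/*|refs/tags/private/*) return 0 ;;
        *) return 1 ;;
    esac
}
# Annotated and signed tags are "tag" objects; a lightweight tag is only a
# ref pointing at a commit, so cat-file reports "commit" for it.
tag_is_annotated() {
    [ "$(git cat-file -t "$1" 2>/dev/null)" = tag ]
}
# A signed tag carries the PGP signature inside the tag object body.
tag_is_signed() {
    git cat-file tag "$1" 2>/dev/null | grep -q '^-----BEGIN PGP SIGNATURE-----'
}
# Policy for one ref: 0 accepts, 1 rejects with the reason on stderr.
# REQUIRE_SIGNED_TAGS=yes in the hook's environment also demands a signature.
check_ref() {
    ref=$1; new=$3
    if ! ref_allowed "$ref"; then
        echo "rejected: $ref is outside the private/* namespace" >&2
        return 1
    fi
    # A deletion pushes the null sha, so there is no object to inspect.
    if [ "$new" = "$ZERO" ]; then return 0; fi
    case $ref in
        refs/tags/*)
            if ! tag_is_annotated "$new"; then
                echo "rejected: $ref is a lightweight tag; use git tag -a or -s" >&2
                return 1
            fi
            if [ "${REQUIRE_SIGNED_TAGS:-no}" = yes ] && ! tag_is_signed "$new"; then
                echo "rejected: $ref is not a signed tag" >&2
                return 1
            fi ;;
    esac
    return 0
}
# Act as a hook only when git hands over its three arguments.
if [ "$#" -eq 3 ]; then
    check_ref "$1" "$2" "$3" || exit 1
fi
```

Installed as hooks/update in the bare repository, this rejects the moo, private-moo, meh and private-meh pushes shown above while letting private/moo through and accepting private/meh only as an annotated tag.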