From: "Magnus Bäck" <baeck@google.com>
To: Joydeep Bakshi <joydeep.bakshi@infoservices.in>
Cc: Fredrik Gustafsson <iveqy@iveqy.com>, git@vger.kernel.org
Subject: Re: building git ; need suggestion
Date: Fri, 15 Mar 2013 09:14:05 -0400 [thread overview]
Message-ID: <20130315131403.GA27022@google.com> (raw)
In-Reply-To: <00107242-04EB-423F-90FE-A6DCDEE7E262@infoservices.in>
On Friday, March 15, 2013 at 08:52 EDT,
Joydeep Bakshi <joydeep.bakshi@infoservices.in> wrote:
> On 15-Mar-2013, at 6:14 PM, Fredrik Gustafsson <iveqy@iveqy.com> wrote:
>
> > gitolite have a more fine ACL. Check it out. However it doesn't
> > really meet your needs with web-interface (and I'm not even sure
> > about the ACL thing is fine enough for you). You can read more about
> > ACL in the git book: http://git-scm.com/book/ch7-4.html
> >
> > The webgui that's most populair is cgit and git-web. They don't do
> > ACL afaik.
> >
> > Why would you need ACL? Why not don't share the branches that are
> > going to be secret? Or are you looking for some branches to be read
> > only?
>
> Actually the branches have to be dedicated to a group of users.
> developer branch ---> developers
> bug fixed branch --- > bug fixer
>
> and specific group don't need to RW permission on other branch.
> Obviously the admin must have the full permission on all these branches
> and merge as per requirement.
Right, but that's R/W permissions. Almost any piece of Git hosting
software supports restriction of pushes. Discriminating *read* access
between developers and maintenance people sounds like a disaster if it's
the same organization. Well, it sounds like a disaster even if there are
two different organizations working on development and maintenance, but
at least it's a reason.
Anyway, Gerrit supports per-branch read ACLs. As long as all changes go
through code review, perhaps Gerrit web interface works sufficiently
well as a repository viewer? Pushes that bypass code review won't show
up there.
http://gerrit-documentation.googlecode.com/svn/Documentation/2.5/access-control.html#category_read
> The web-interface is required for checking the history by the users
> themselves and for code review. I don't know any web interface which
> can show repo/branch based on authentication. I have tried gitweb but
> it can handle a single repo or multiple repo with single
> authentication. NO ACL
If you just have two levels of access you could have two separate
Gitweb sites and use Gerrit to replicate a subset of the branches
to each site. You could e.g. have gitweb-dev.example.com and
gitweb-maint.example.com and grant access to those sites accordingly.
--
Magnus Bäck
baeck@google.com
next prev parent reply other threads:[~2013-03-15 13:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-15 12:24 building git ; need suggestion Joydeep Bakshi
2013-03-15 12:43 ` Joydeep Bakshi
2013-03-15 12:44 ` Fredrik Gustafsson
2013-03-15 12:52 ` Joydeep Bakshi
2013-03-15 13:14 ` Magnus Bäck [this message]
2013-03-18 5:44 ` Joydeep Bakshi
2013-03-18 12:24 ` Joydeep Bakshi
2013-03-19 2:11 ` David Aguilar
2013-03-15 17:25 ` Paul Campbell
2013-03-15 13:56 ` Konstantin Khomoutov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130315131403.GA27022@google.com \
--to=baeck@google.com \
--cc=git@vger.kernel.org \
--cc=iveqy@iveqy.com \
--cc=joydeep.bakshi@infoservices.in \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.