Re: ACLs for GIT - Phil Hord

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Phil Hord <hordp@cisco.com>
To: Martin L Resnick <mresnick@bbn.com>
Cc: "Magnus Bäck" <magnus.back@sonyericsson.com>, git@vger.kernel.org
Subject: Re: ACLs for GIT
Date: Mon, 16 May 2011 11:33:30 -0400	[thread overview]
Message-ID: <4DD143CA.3000700@cisco.com> (raw)
In-Reply-To: <4DD1250D.50005@bbn.com>

On 05/16/2011 09:22 AM, Martin L Resnick wrote:
> Thanks Mangus.
>
> You pointed out some hurdles I'll have to think about
> (blocked files not matching the SHA and so can't be committed).
>
> As to why I want to do this consider NSA non-export rules.
> Our application would be built with NSA encryption
> but we have foreign nationals working on the code
> and so they are not permitted to see that part.
> The makefiles look to see if the NSA encryption code file
> is there and link it in. If not a stub is used.

We use submodules for this same need here.  If the submodule is loaded,
the code is used from that.  If not, pre-built binaries are used
instead.  These could be stubs.

When we share code with outside partners, we give them access only to
the modules they need.

We further guard the code in the submodule by PGP-encrypting the source
files and storing them in the repository (as binaries).  This practice
lets us be more free with the repository and not worry so much that it
may be cloned well out of our control.  Storing code as shrouded
binaries negates much of git's power, but only for this one submodule. 
Our other submodules are still quite git-friendly.

Phil

next prev parent reply	other threads:[~2011-05-16 15:33 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-15 19:24 ACLs for GIT Martin L Resnick
2011-05-15 20:15 ` Magnus Bäck
2011-05-16 13:22   ` Martin L Resnick
2011-05-16 15:26     ` Richard Peterson
2011-05-16 15:33     ` Phil Hord [this message]
2011-05-16 15:36       ` Martin L Resnick
2011-05-16 16:28     ` Jakub Narebski
2011-05-15 20:16 ` R. Tyler Croy
2011-05-16 13:22   ` Martin L Resnick
2011-05-17  1:32     ` Sitaram Chamarty
2011-05-17  1:49       ` Shawn Pearce
2011-05-17 12:08         ` Sitaram Chamarty
2011-05-17 14:06           ` Shawn Pearce
2011-05-17 15:41             ` Sitaram Chamarty
2011-05-15 20:28 ` Marc Weber

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4DD143CA.3000700@cisco.com \
    --to=hordp@cisco.com \
    --cc=git@vger.kernel.org \
    --cc=magnus.back@sonyericsson.com \
    --cc=mresnick@bbn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).