|
From: | Boris |
Subject: | [Monotone-devel] Re: Re: Re: Re: How will policy branches work? |
Date: | Wed, 06 Feb 2008 18:58:07 +0200 |
User-agent: | Opera Mail/9.22 (Win32) |
On Wed, 06 Feb 2008 17:43:37 +0200, Zack Weinberg <address@hidden> wrote:
[...]We think that it'll be both friendlier and more secure if we allow people to do whatever they want locally, but not force changes in violation of policy on anyone else. It ends up working almost like
Yes, that's fine. I want people to do what they want but only in projects they are allowed to work on - which means projects they received through their monotone database. Other projects (in my database) they are not assigned to should not be transferred to their database - no matter if they sync with a central monotone server or with other developers. I understand that there won't be 100% security. But if I can tell monotone not to send around all files between developers by default and if not every developer has to maintain the very same configuration as on the central server that would already be helpful.
what you describe in practice. There is a set of permission settings signed (not encrypted) with the administrator's private key. One of those settings is the administrator's public key. Anyone can, in their own database, substitute a permission set signed with their own private key which lists their own public key as having administrative rights. But everyone else's database ignores that change because they only trust the original administrator, not the usurper.
What kind of permissions can be set in policy branches? Basically the same which can be set today with the files write-permissions/read-permissions?
Boris
[Prev in Thread] | Current Thread | [Next in Thread] |