|
| From: | Graydon Hoare |
| Subject: | [Monotone-devel] Re: read/write permissions |
| Date: | Fri, 26 Jan 2007 12:16:37 -0800 |
| User-agent: | Thunderbird 1.5.0.9 (Windows/20061207) |
Boris wrote:
What happens if a user who has only read-permission for branch A writes something to branch B? As far as I see this is possible as write-permissions are per database and not per branch. If branch B is only for privileged users is it still protected? I'd say so as the new user can't link his certificate into existing revisions in branch B. Is this correct? But does everyone with read-permission to branch B see now two heads?
I believe at the moment that any database set up to reject the user writing to branch B will reject certificates from that user that bind a revision to B, and possibly reject the revision as well.
Still, it's possible for the revision and/or cert to be transmitted by some other means. Using read or write permissions to control trust is the wrong thing to do; permissions are really just coarse measures to control visibility and abuse. The point of modeling commits with certs is that users at the ends of the system can decide what to trust themselves, independent of the trustworthiness of intermediaries in the transmission path.
(We're hoping to put together a simpler and more useful bootstrapping trust system eventually. For the time being, users must define their own trust rules with lua hooks)
-graydon
| [Prev in Thread] | Current Thread | [Next in Thread] |