From: Daniel Carrera
Subject: Re: [Monotone-devel] Security and Permissions
Date: Sat, 11 Oct 2008 15:26:08 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Ludovic Brenta wrote:
> The security model is actually quite crude as write permissions are database-wide. Read permissions can be per-branch within a database; see "Network Service Revisited" in the doc. To complement the security model, there is also a trust model. You can set up a per-user filter in your ~/.monotonerc that will "hide" all revisions you don't trust. See "Trust Evaluation Hooks" in the manual.

Thanks. I just read "Network Service Revisited" but I cannot find "Trust Evaluation Hooks". Could you tell me where it is?
So, if you wanted to have a secret branch (e.g. where core developers work on security vulnerabilities) you would use monotonerc, yes?

    pattern "net.venge.monotone.secret"
    allow "address@hidden"
    allow "address@hidden"

This would work if you run a monotone server with netsync but if you run Monotone through SSH, a developer could just edit monotonerc to let himself into the secret branch. You could allow core developers to use SSH, but other developers would have to use netsync. Am I right?
Thanks.