Re: [Monotone-devel] Security and Permissions

From: Daniel Carrera
Subject: Re: [Monotone-devel] Security and Permissions
Date: Sat, 11 Oct 2008 15:26:08 +0200
User-agent: Thunderbird (Macintosh/20080914)

Ludovic Brenta wrote:
The security model is actually quite crude as write permissions are
database-wide.  Read permissions can be per-branch within a database;
see "Network Service Revisited" in the doc.

To complement the security model, there is also a trust model.  You
can set up a per-user filter in your ~/.monotonerc that will "hide"
all revisions you don't trust.  See "Trust Evaluation Hooks" in the

Thanks. I just read "Network Service Revisited" but I cannot find "Trust Evaluation Hooks". Could you tell me where it is?

So, if you wanted to have a secret branch (e.g. where core developers work on security vulnerabilities) you would use monotonerc, yes?

pattern "net.venge.monotone.secret"
allow "address@hidden"
allow "address@hidden"

This would work if you run a monotone server with netsync, but if you run Monotone through SSH, a developer could just edit monotonerc to let himself into the secret branch. You could allow core developers to use SSH, but other developers would have to use netsync. Am I right?

