monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Security and Permissions

From: Daniel Carrera
Subject: Re: [Monotone-devel] Security and Permissions
Date: Sat, 11 Oct 2008 15:26:08 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914) 
Ludovic Brenta wrote:

The security model is actually quite crude as write permissions are
database-wide.  Read permissions can be per-branch within a database;
see "Network Service Revisited" in the doc.

To complement the security model, there is also a trust model.  You
can set up a per-user filter in your ~/.monotonerc that will "hide"
all revisions you don't trust.  See "Trust Evaluation Hooks" in the
manual.
Thanks. I just read "Network Service Revisited" but I cannot find "rust Evaluation Hooks". Could you tell me where it is?
So, if you wanted to have a secret branch (e.g. where core developers work on security vulnerabilities) you would use monotonerc, yes? 

pattern "net.venge.monotone.secret"
allow "address@hidden"
allow "address@hidden"
This would work if you run a monotone server with netsync but if you run Monotone through SSH, a developer could just edit monotonerc to let himself into the secret branch. You could allow core developers to use SSH, but other developers would have to use netsync. Am I right? 

Thanks.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]