Package: dgit-infrastructure Version: 2.11 Severity: wishlist It would be great if we could push arbitrary branches and tags to dgit-repos, outside of the dgit/*, archive/debian/* and debian/* protected namespaces. Users could push them to the 'origin' remote that `dgit clone` already sets up.
I know that Ian already has this feature in mind, but I wanted to file a bug in case there is any disagreement over access control. In particular, I would like to suggest that only someone who can `dgit push` a package should be able to push arbitrary branches and tags. A lot of people who don't have upload rights can push to a lot of repos on alioth. There is little risk to this when those who upload the package already have it cloned on their machine, and just run `git pull` and then review changes. For packages that are less frequently updated and might not be cloned to the uploader's machine, someone could maliciously rewrite history and the changes might well end up in the archive. An access-controlled git hosting service for Debian would be very useful to have for packages like this. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: i386 (i686) Kernel: Linux 4.8.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Sean Whitton
signature.asc
Description: PGP signature
