On Fri, 28 Dec, Richard Hipp wrote: > When somebody clones the repository,and has a local copy of the > repository, then they can do anything they want with that local copy > since it is a file they own. Permissions only come into plan when > dealing with a remote server.
Right. So, of course, the permissions should already restrict what one can clone. [push permission] > The idea is that you trust your developers. This is not always possible. Back in our university days we had a stable code branch where only university employees were allowed to commit, but in certain branches, students were allowed to commit their work which was merged into trunk by employees. Students were not allowed to directly commit into trunk. Due to a misconfiguration it was once possible for students to access an area which they shouldn't have access to ... and guess what ... one student indeed managed to break a crucial file of the build. Of course it was possible to repair everything (because everything is under version control), but it was effort and it is nice to avoid such accidents. This is regarding "push permission". Of course, the other direction is problematic as well. E.g. if there exists 3rd party code that is used to build the complete product, but for which not each developer has the required license to see it in source form. > For servers, on the /Admin/Access setup page, there is an entry field > named "Public Pages". That field (which is normally blank) can be > set to a comma-separated list of GLOB patterns for URLs that > unprivileged users are allowed to read even if they would normally > not have read permission. The "Public Pages" glob list is used, for > example, to allow unprivileged users to read a few specific > documentation or wiki pages without being able to view private source > code or sensitive wiki pages. But this only applies to wiki pages? Not to source code (and, for that matter, not to tickets either)? Then we'll have to think about moving to Fossil with our main repositories again. Greetings, Stefan -- Stefan Bellon _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
