[cap-talk] More Heresey: ACLs not inherently bad

Mark Seaborn mrs at mythic-beasts.com
Thu Sep 18 14:10:08 CDT 2008

"Jonathan S. Shapiro" <shap at eros-os.com> wrote:

> We are trying to run a source code repository. We have two classes of
> users of the repository: documenters and developers. We also have a
> class of administrators who determine which users are in which class (or
> possibly in both).
> The desired policy is:
>   1. All users in either group should have read access to all source
>      files stored in the repository.
>   2. In order to revise a file whose name ends in .c or .h, the user
>      must be in the developer group.
>   3. Similarly, in order to create a directory anyplace *other than* the
>      "doc" tree, the user must be in the developer group.

This should be straightforward to do with today's distributed SCMs.
You could have a system that pulls changesets from users' individual
branches into the main branch and accepts or rejects the changesets
based on whether they contain changes that the user is allowed to

Bazaar uses the term "gatekeeper" (http://bazaar-vcs.org/Workflows).
There are already gatekeepers that check whether tests pass or require
code review before merging changes.


More information about the cap-talk mailing list