[cap-talk] More Heresey: ACLs not inherently bad
Jonathan S. Shapiro
shap at eros-os.com
Thu Sep 18 14:19:36 CDT 2008
On Thu, 2008-09-18 at 20:10 +0100, Mark Seaborn wrote:
> "Jonathan S. Shapiro" <shap at eros-os.com> wrote:
>
> > We are trying to run a source code repository. We have two classes of
> > users of the repository: documenters and developers. We also have a
> > class of administrators who determine which users are in which class (or
> > possibly in both).
> >
> > The desired policy is:
> >
> > 1. All users in either group should have read access to all source
> > files stored in the repository.
> >
> > 2. In order to revise a file whose name ends in .c or .h, the user
> > must be in the developer group.
> >
> > 3. Similarly, in order to create a directory anyplace *other than* the
> > "doc" tree, the user must be in the developer group.
> ...
>
> This should be straightforward to do with today's distributed SCMs.
> You could have a system that pulls changesets from users' individual
> branches into the main branch and accepts or rejects the changesets
> based on whether they contain changes that the user is allowed to
> make.
>
> Bazaar uses the term "gatekeeper" (http://bazaar-vcs.org/Workflows).
> There are already gatekeepers that check whether tests pass or require
> code review before merging changes.
Yes. But today's SCMs aren't at all easy to implement credibly on pure
capability systems.
shap
More information about the cap-talk
mailing list