Ticket #10664 (closed defect: wontfix)
Support base committer category for security
| Reported by: | jberry@… | Owned by: | jberry@… |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | server/hosting | Version: | |
| Keywords: | Cc: | wsiegrist@… | |
| Port: |
Description
We need to restrict commits such that:
Any commiter can change:
trunk/dports
Only "base" committers can change:
- trunk/(all other)
- downloads/
- tags/
- branches/
I'm not sure what the full set of base committers should be now, as we've certainly lost some, but for a start:
jmpp, mww, jberry, pguyot, yeled, kvv, landonf, jkh, ...?
At some point, we may need to provide access to www or docs for a broader set of users, but it's not clear to me at present that's necessary given our new documenation arrangements.
Change History
comment:1 Changed 7 years ago by jberry@…
- Type changed from defect to task
- Summary changed from Support base committer category to Support base committer category for security
comment:3 Changed 6 years ago by nox@…
- Priority changed from Important to High
- Type changed from task to defect
comment:4 Changed 6 years ago by wsiegrist@…
- Status changed from assigned to new
- Owner changed from kvv@… to wsiegrist@…
Stealing kvv's tickets... I'll do some research on the options for this.
comment:5 Changed 6 years ago by wsiegrist@…
- Owner changed from wsiegrist@… to jberry@…
Email me a map of directories to lists of users and I'll implement this. I dont need the list of committers, you can just call them "committers". For admin, base, whatever-else, I'll need a list (of email addresses registered as MacOSForge).
comment:7 Changed 4 years ago by raimue@…
- Status changed from new to closed
- Resolution set to wontfix
- Milestone set to Website & Documentation
I think this limitation would restrict committers from doing base development. As we have version control, I don't fear any malicious commits we would miss. Developers should be responsible enough to submit patches as a ticket first if they are unsure if it should be committed.