Bradley Wagner wrote:
> I'm trying to devise a security scheme for my repository and have hit
> a snag. I'm trying to limit the ability to create both branches and
> tags to a single "release manager". It's easy enough to make the /
> branches and /tags directories only writable by a particular user,
> however, I'd also like to give my developers the ability to patch
> existing branches when a minor release is made on a previous branch.
> The only way I can think to do this, is to give only my release
> manager write access to "branches" and then each time a branch is
> created, explicitly give my developers write access to that branch
> directory. This allows them to edit existing branches but not create
> new ones. It seems a little difficult to maintain though and I was
> wondering if anyone else came up with a creative strategy for
> implementing this policy.
Give developers and the release manager read-write access to the
branches directory, and then use a pre-commit hook to reject any commits
that include an add to the branches directory itself from anyone other
than the release manager?
There've been discussions on the list before about how to use pre-commit
hooks to allow tags to be created, but prevent them from being modified
afterwards; those discussions may be helpful.
-David
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 6 17:08:27 2006