Re: Fishing for a General Permissions API (inspired by "importers" patch from Issuezilla)

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derek Robert Price <derek@ximbiot.com> writes:

> Hey all, there's a patch for an "CVSROOT/importers" file in the
> cvshome.org Issuezilla.  My inclination is to allow it if it is tidied
> up, but I thought I would fish for a discussion of a more general
> permissions scheme before that.  Anyone have any thoughts?
> 
> The background discussion is here:
> <http://ccvs.cvshome.org/issues/show_bug.cgi?id=157>.

I would rather see a CVSROOT/importinfo file with script that get run to
determine if the files being imported meet with the cvs administrator
critera for new imports.

Such a script could use something like cvs_acls to determine that a
given user was not allowed to do the import as well as determining that
the files being imported were not acceptable for other criteria. 

One of the biggest things I'd like to see such a script be able to
handle is to disallow vendor and version tags that do not match the
criteria provided by the administrator. Right now taginfo is fairly
useless if someone can easily wipe-out an existing tag thru use of
a 'cvs import'...

Having the special-purpose CVSROOT/importers seems less flexible to me.
        
For that matter, I think it might be useful to have trigger scripts for
'cvs checkout' and 'cvs update' to allow a cvs administrator to provide
a finer grained policy on what users may do with files in a repository.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD4DBQFAVkmW3x41pRYZE/gRAn+ZAJY0D9cNk4w5CXjzbhfusEXtfGXDAKDTU+Jy
smmnhciP17B0AyAefxTWuQ==
=QIzz
-----END PGP SIGNATURE-----