On Thu, 2016-01-21 at 19:25 -0500, Hendrik Boom wrote:
> In all the examples I've seen, in the read permissions file I get to
> use a pattern to specify which branches users are allowed to read.
> But there seems to be no such pattern in the write permissions file.
> Is there a reason for this? Or have I misunderstood?
That would require either (1) trusting the client to only send things
it's allowed to send; or (2) filtering out disallowed branch certs on
the server after receiving them, and ideally garbage-collecting the
revisions they'd been attached to (assuming no other branch certs, or
Option 1 doesn't fit very well with monotone's pervasive "always verify
Option 2 would probably be a lot of work to implement and get right,
especially since monotone doesn't remember *where* things in the db
There's also the idea that communication ought to be promiscuous, and
branch write permissions are more properly handled as trust hooks (or
the never-quite-implemented policy branches) and verified / enforced by
the client. Which means that fine-grained write permissions would be
getting things "wrong" for the sake of expediency, which doesn't fit
with the focus on correctness.