permissions

Hendrik Boom-2
In all the examples I've seen, in the read permissions file I get to
use a pattern to specify which branches users are allowed to read.

But there seems to be no such pattern in the write permissions file.

Is there a reason for this?  Or have I misunderstood?

-- hendrik

_______________________________________________
Monotone-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monotone-devel

Re: permissions

Tim Brownawell
On Thu, 2016-01-21 at 19:25 -0500, Hendrik Boom wrote:
> In all the examples I've seen, in the read permissions file I get to 
> use a pattern to specify which branches users are allowed to read. 
>
> But there seems to be no such pattern in the write permissions file.
>
> Is there a reason for this?  Or have I misunderstood?

That would require either (1) trusting the client to only send things
it's allowed to send; or (2) filtering out disallowed branch certs on
the server after receiving them, and ideally garbage-collecting the
revisions they'd been attached to (assuming no other branch certs, or
descendant revisions).

Option 1 doesn't fit very well with monotone's pervasive "always verify
everything" approach.

Option 2 would probably be a lot of work to implement and get right,
especially since monotone doesn't remember *where* things in the db
came from.

There's also the idea that communication ought to be promiscuous, and
branch write permissions are more properly handled as trust hooks (or
the never-quite-implemented policy branches) and verified / enforced by
the client. Which means that fine-grained write permissions would be
getting things "wrong" for the sake of expediency, which doesn't fit
with the focus on correctness.
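
The client-side enforcement mentioned in the reply above (trust hooks), sketched as an added example that is not part of the original thread or monotone's own code: a `get_revision_cert_trust` hook that accepts a `branch` cert only when it is signed by a key listed for that branch. The branch names, key names and policy table are constructed, and matching signers by key name (as a plain string or a `name` field of a key identity table) is an assumption.

```lua
-- Added example: per-branch "write permission" enforced on the client
-- as a trust decision. All branch and key names below are constructed.
local branch_writers = {
   { prefix = "com.example.project.release",
     keys = { "release@example.com" } },
   { prefix = "com.example.project",
     keys = { "alice@example.com", "bob@example.com" } },
}

-- Assumption: a signer is either a key-name string or a key identity
-- table carrying the key name in its `name` field.
local function signer_name(s)
   if type(s) == "table" then return s.name end
   return s
end

-- Return the key list of the longest rule whose prefix equals the branch
-- or is a dot-separated ancestor of it; nil when no rule matches.
local function allowed_keys(branch)
   local best
   for _, rule in ipairs(branch_writers) do
      local p = rule.prefix
      local hit = branch == p or branch:sub(1, #p + 1) == p .. "."
      if hit and (best == nil or #p > #best.prefix) then best = rule end
   end
   return best and best.keys or nil
end

function get_revision_cert_trust(signers, id, name, val)
   -- Only branch certs are policed here; other certs keep default trust.
   if name ~= "branch" then return true end
   local keys = allowed_keys(val)
   -- Default deny: a branch with no rule is never trusted.
   if keys == nil then return false end
   for _, s in pairs(signers) do
      local n = signer_name(s)
      for _, k in ipairs(keys) do
         if n == k then return true end
      end
   end
   return false
end
```

With this policy a `branch` cert placing a revision on `com.example.project.release` and signed only by `alice@example.com` is still received and stored, but the client does not treat the revision as a member of that branch.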
