summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2015-01-08 13:29:41 +0100
committerRob Austein <sra@hactrn.net>2015-01-08 13:29:41 +0100
commitb781f0199ffbea949c3e269ffa3e30077c5dc84f (patch)
tree5254db2c1fca2a628328adba7ca9041f796a0f7a /conf
parentd39b6df8f82780fe3b5987cff568056550992855 (diff)
Policy change: all authorized users now allowed to push to any wild
repository.
Diffstat (limited to 'conf')
-rw-r--r--conf/gitolite.conf24
1 files changed, 3 insertions, 21 deletions
diff --git a/conf/gitolite.conf b/conf/gitolite.conf
index 6bbe627..01a6860 100644
--- a/conf/gitolite.conf
+++ b/conf/gitolite.conf
@@ -22,28 +22,10 @@ repo gitolite-admin
# Everything but the gitolite-admin repository is currently set up for
# "wild repositories" (http://sitaramc.github.com/gitolite/wild.html).
#
-# In theory, this lets authenticated users create their own
-# repositories without needing to touch this file.
-#
-# In all of these, we allow read permission to @all, on the theory
-# that it doesn't make much sense to restrict read via SSH while
-# allowing it via plain HTTP. So we have no current use for the
-# READERS role. Add it back if we ever find a use for it.
-
-# Principal of Least Astonishment says that users should create
-# repositories that look like they belong to other users.
-
-repo users?/CREATOR/..*
- C = @all
- RW+ = CREATOR
- RW = WRITERS
- R = @all
-
-# Other wild repositories. Might consider restricting top-level to
-# enforce a particular hierarchy, ask the users what they want.
+# We used to allow R for @all but restrict RW to WRITERS, but at the moment
+# we just allow any authorized user to push to any wild repository.
repo [a-zA-Z0-9].*
C = @all
RW+ = CREATOR
- RW = WRITERS
- R = @all
+ RW = @all