# People who administer the repository system.

@admins = sra randy sra@hactrn.net randy@psg.com

# For now we use user group @all to mean the cryptech core group.  If
# we ever have committers who are not core, we'll likely need a @core
# group here, and perhaps other groups.

# GPG signature hook.  Don't mess with this.

repo @all
     - VREF/gpg-check = @all

# Gitolite control repository.  Write restricted to sysadmins, since
# the VREF above is a form of access control we don't want bypassed,
# but allow any authorized user to read the config if they like.

repo gitolite-admin
    RW+ = @admins
    R	= @all

# Wiki (Markdown + Pelican + m.css) repository.  Same permissions as
# general repositories but needs special config for the pelican
# compile-on-push hook.

repo wiki
     RW+ = @all
     - VREF/pelican-build = @all

# Everything but the gitolite-admin repository is currently set up for
# "wild repositories" (http://sitaramc.github.com/gitolite/wild.html).
#
# We used to allow R for @all but restrict RW to WRITERS, but at the
# moment we just allow any authorized user to push to any wild
# repository.  Then we added "+" for any authorized user because it's
# required to delete old branches.  At which point there was no
# difference between CREATOR privs and everybody else's privs, so we
# just collapsed them.

repo [a-zA-Z0-9].*
    C	= @all
    RW+ = @all