path: root/conf/gitolite.conf
# People who administer the repository system.

# Defines the @admins group with four member names: two bare names and two
# e-mail-style names.  In this file the group is referenced only by the RW+
# rule on gitolite-admin.
# NOTE(review): whether "sra" and "sra@hactrn.net" (likewise the two "randy"
# entries) are separate gitolite users or one person with two key names is
# not visible here -- confirm against keydir, since every name listed here
# can rewrite the access policy.
@admins = sra randy sra@hactrn.net randy@psg.com

# For now we use user group @all to mean the cryptech core group.  If
# we ever have committers who are not core, we'll likely need a @core
# group here, and perhaps other groups.

# GPG signature hook.  Don't mess with this.

# "repo @all" applies the rule to every repository, and the user list "@all"
# applies it to every user.  The leading "-" makes it a deny rule on the
# virtual ref VREF/gpg-check.
# NOTE(review): the gpg-check VREF-maker is not part of this file; presumably
# it emits this ref when a push fails signature verification, and this rule
# then rejects the push -- confirm against the installed hook, and confirm
# that a missing or crashing hook rejects the push rather than letting it
# through.
# NOTE(review): @all is gitolite's built-in "everyone" group, so the "core
# group" is effectively every user who has a key installed.
repo @all
  - VREF/gpg-check = @all

# Gitolite control repository.  Write restricted to sysadmins, since
# the VREF above is a form of access control we don't want bypassed,
# but allow any authorized user to read the config if they like.

# Access rules for the gitolite-admin control repository:
#   RW+ = @admins  read, write, and (the "+") rewind or delete refs
#   R   = @all     read-only for every user
# NOTE(review): read access shows every user the full access policy and,
# presumably, the public keys kept in this repository; the comment above
# treats that as intended.
repo gitolite-admin
    RW+ = @admins
    R	= @all

# Everything but the gitolite-admin repository is currently set up for
# "wild repositories" (http://sitaramc.github.com/gitolite/wild.html).
#
# In theory, this lets authenticated users create their own
# repositories without needing to touch this file.
# 
# In all of these, we allow read permission to @all, on the theory
# that it doesn't make much sense to restrict read via SSH while
# allowing it via plain HTTP.  So we have no current use for the
# READERS role.  Add it back if we ever find a use for it.

# Principle of Least Astonishment says that users should not create
# repositories that look like they belong to other users.

# Wild-repo pattern for per-user namespaces.  "users?" matches "user" or
# "users", gitolite substitutes the creating user's name for CREATOR, and
# "..*" requires at least one character after the second slash.
#   C   = @all     any user may create a repository matching the pattern
#   RW+ = CREATOR  the creator may read, write, and rewind or delete refs
#   RW  = WRITERS  users assigned the WRITERS role may read and write
#   R   = @all     every user may read
# NOTE(review): "." matches any character, "/" included, so nested paths
# below the user's own directory also match this pattern.
repo users?/CREATOR/..*
    C   = @all
    RW+ = CREATOR
    RW  = WRITERS
    R   = @all

# Other wild repositories.  Might consider restricting top-level to
# enforce a particular hierarchy, ask the users what they want.

# Catch-all wild-repo pattern: any repository name that starts with an ASCII
# letter or digit.  It carries the same four rules as the per-user pattern.
# NOTE(review): this pattern also matches names such as "users/<other>/x",
# so the C rule here appears to let any user create a repository inside
# another user's namespace and become its CREATOR, which would defeat the
# per-user restriction above.  It also matches "gitolite-admin"; confirm
# that the CREATOR/WRITERS rules here cannot add write access to the
# control repository.  If neither is intended, narrow the pattern (for
# example by excluding the "users?/" prefix) and re-test access for both
# cases on the deployed gitolite version.
repo [a-zA-Z0-9].*
    C   = @all
    RW+	= CREATOR
    RW	= WRITERS
    R   = @all