Re: [Monotone-devel] permissions
From: Timothy Brownawell
Subject: Re: [Monotone-devel] permissions
Date: Thu, 21 Jan 2016 23:24:39 -0600

On Thu, 2016-01-21 at 19:25 -0500, Hendrik Boom wrote:
> In all the examples I've seen, in the read permissions file I get to
> use a pattern to specify which branches users are allowed to read.
>
> But there seems to be no such pattern in the write permissions file.
>
> Is there a reason for this? Or have I misunderstood?

That would require either (1) trusting the client to only send things
it's allowed to send; or (2) filtering out disallowed branch certs on
the server after receiving them, and ideally garbage-collecting the
revisions they'd been attached to (assuming no other branch certs, or
descendant revisions).

Option 1 doesn't fit very well with monotone's pervasive "always verify
everything" approach.

Option 2 would probably be a lot of work to implement and get right,
especially since monotone doesn't remember *where* things in the db
came from.

There's also the idea that communication ought to be promiscuous, and
branch write permissions are more properly handled as trust hooks (or
the never-quite-implemented policy branches) and verified / enforced by
the client. Which means that fine-grained write permissions would be
getting things "wrong" for the sake of expediency, which doesn't fit
with the focus on correctness.
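
The client-side enforcement described in the message above can be sketched as a trust hook in a monotone Lua hooks file. This is an added example, not part of the original message and not code from the monotone project. The branch patterns and key names are constructed placeholders, and the shape of each `signers` entry (a key-name string or a key identity table) is an assumption handled defensively.

```lua
-- Added example: per-branch "write permission" enforced by the client as a
-- trust decision. The server may store any cert; this client ignores branch
-- certs signed by keys that are not listed for that branch.

-- Constructed policy: first matching rule wins, so list specific patterns first.
local branch_writers = {
  { pattern = "^org%.example%.project%.release",
    writers = { ["release-manager@example.org"] = true } },
  { pattern = "^org%.example%.project",
    writers = { ["alice@example.org"] = true,
                ["bob@example.org"] = true,
                ["release-manager@example.org"] = true } },
}

-- Assumption: a signer is either a plain key name or a key identity table.
local function signer_name(s)
  if type(s) == "table" then
    return s.given_name or s.name or s.id
  end
  return s
end

-- Return the set of trusted signers for a branch, or nil if no rule matches.
local function allowed_writers(branch)
  for _, rule in ipairs(branch_writers) do
    if string.find(branch, rule.pattern) then
      return rule.writers
    end
  end
  return nil
end

function get_revision_cert_trust(signers, id, name, val)
  -- Only branch certs say "revision id belongs to branch val". Other cert
  -- kinds stay trusted in this sketch (an assumption, not a recommendation).
  if name ~= "branch" then
    return true
  end
  local writers = allowed_writers(val)
  if writers == nil then
    return false -- default deny: branches without a rule trust nobody
  end
  for _, s in ipairs(signers) do
    if writers[signer_name(s)] then
      return true
    end
  end
  return false
end
```

Because the decision is made when certs are evaluated rather than when they are received, an untrusted branch cert can sit in the database without the revision ever appearing on that branch for this client.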