Q: howto require per-branch authentication to commit or push changes

[Maritza Mendez]

I think I am making this harder than it has to be.  I hope there is an easy
solution but I don't see it in either the user guide or user reference.
Other people must have similar requirements.

We are required to limit access -- especially commit rights -- on a
per-branch basis.  For example, Hector and Carlos can both commit to
Project_1 but Project_2 must deny access to Hector and Martitza.

If we use file:// then we can probably use filesystem permissions.

What if we are using the bzr smart server?  It seems like adding bzr+ssh
does only global authentication for the sever, not per-branch
authentication.

My first idea was to look for per-user authentication in each project, maybe
in Project/.bzr/branch/branch.conf  -- that probably would not be secure.

My second idea was to look in the bazaar program directory (we are using
windows) for a configuration file accessible only to root (which would be
more secure and easier to administer than storing authentication with the
individual branches).  That seems to be wrong.

Finally, it is not enough to simply allow access by username.  That is
trivial to fake.  Maybe the way to do this is to require signing and have a
conf file which has the public keys of only the users allowed to commit.

Thanks,
-M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/bazaar/attachments/20090403/21de2a10/attachment.htm