bzr serve and access control?

[Josef Wolf]

On Tue, Feb 02, 2010 at 11:05:49PM +1100, Ben Finney wrote:
> Josef Wolf <jw at raven.inka.de> writes:
> 
> > 1. Create user accounts and rely on filesystem access control. This
> > way you end up with having lots of user accounts, which you might not
> > want to have, since it is a server. In addition, managing user groups
> > become a pain very quickly.
> 
> This is the option that would be most natural, AFAICT. I don't
> understand the connection between “it is a server” and “you might not
> want [user accounts for users]”. It sounds very much like you *do* want
> user accounts.

No, I do not want user accounts. I just want to give other people access
to specific repositories. This is not necessarily the same. For example,
check out gitolite and/or (in case of subversion) apaches htaccess or
svnserve for ways to give other people access to repositories without
creating real system accounts.

> > 2. Create one account per repository and use authorized_keys to give
> > permission to users. No way to give read-only access this way. In
> > addition, it is not possible to give users possibility to create new
> > repositories on the fly by themselves.
> 
> All true. It's a trade-off: you lose all the flexibility of proper user
> accounts, while gaining the simplicity of avoiding user accounts.

This does not have to be a tradeoff. You don't have such a tradeoff with git
and you don't have such a tradeoff with subversion (I don'T know about other
VCS's, though). With git, you can use gitolite and for svn, you can use
mod_dav_svn over ssl. So you have the simplicity without loosing the
flexibility.

Bazaar could also have both, if only it would pass the required information
(which repository, and which type of access) on the command line, as I
described at the beginning of the thread.