<div> </div>
<div>Hi. There are a couple current threads here (ok, including one I started) which include discussion of ACL-like properties for branches. So I assume there is interest in this topic. I have had typically bad experiences with the ACL layer tacked onto some commercial version control systems. So I am very cautious about suggesting similar "enhancements" to bzrlib. Instead, I've been thinking about the Un*x way -- many "little" tools, each of which does one job extremely well -- and leveraging the expertise and architecture already baked into every Linux box.</div>
<div> </div>
<div>Currently, I provide access controls for centralized "trunk" branches for about a dozen projects in my organization. In the simplest case, I set up a new branch on a server and 'chown -R' the root of the branch to a specific dummy user and 'chmod og-rwx'. More generally, a single dummy user may own a "bzr group" of branches. My developers publish their RSA public keys. I then manage access by adding/removing their keys from the .ssh/authorized_keys in each dummy user's homedir. </div>
<div> </div>
<div>This scheme works fine for a small number of branches but quickly gets tedious. I started to imagine an administration tool, using a PyQt GUI with an SQLite backend to track the registered branches, dummy accounts across multiple servers and developers' public keys. As I went through the use cases, I realized right away that I wanted more fine-grained control. Namely, per-branch rather than per-dummy-user, because the membership of a "bzr group" may change. The only way I can think of getting per-branch control is by adding a user for *every* branch. I suppose that's not too bad (as long as users are deleted when their branch is deleted) but it does seem a little clumsy. </div>
<div> </div>
<div>So can anyone think of a better way to get from per-user access control to per-branch access control with the tools we already have, i.e. without modifying bzrlib?</div>
<div> </div>
<div>Thanks,</div>
<div>~M</div>
<div> </div>
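<div>Added example, not part of the original message and not bzr code: a small SQLite registry of the kind the post imagines, which renders each dummy user's authorized_keys and audits where a shared dummy user gives a developer access to a branch they were never granted. The schema, table names, host, paths, user names and key strings are all constructed for illustration.</div>

```python
import sqlite3

SCHEMA = """
CREATE TABLE developer (name TEXT PRIMARY KEY, pubkey TEXT NOT NULL);
CREATE TABLE branch (path TEXT PRIMARY KEY, server TEXT, owner TEXT);
CREATE TABLE access (branch TEXT, developer TEXT, PRIMARY KEY (branch, developer));
"""

def sample_registry():
    """Constructed sample data: keys, host, paths and user names are made up."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO developer VALUES (?, ?)", [
        ("alice", "ssh-rsa CONSTRUCTED-KEY-A alice"),
        ("bob", "ssh-rsa CONSTRUCTED-KEY-B bob")])
    # Two branches share the dummy user bzr-grp1; the third has its own user.
    db.executemany("INSERT INTO branch VALUES (?, ?, ?)", [
        ("/srv/bzr/a/trunk", "host1", "bzr-grp1"),
        ("/srv/bzr/b/trunk", "host1", "bzr-grp1"),
        ("/srv/bzr/c/trunk", "host1", "bzr-c")])
    db.executemany("INSERT INTO access VALUES (?, ?)", [
        ("/srv/bzr/a/trunk", "alice"), ("/srv/bzr/b/trunk", "alice"),
        ("/srv/bzr/a/trunk", "bob"), ("/srv/bzr/c/trunk", "bob")])
    return db

def authorized_keys(db, server, owner):
    """Text for ~owner/.ssh/authorized_keys: every key granted any of its branches."""
    rows = db.execute(
        """SELECT DISTINCT d.name, d.pubkey FROM access a
           JOIN branch b ON b.path = a.branch
           JOIN developer d ON d.name = a.developer
           WHERE b.server = ? AND b.owner = ? ORDER BY d.name""",
        (server, owner))
    return "".join(pubkey + "\n" for _name, pubkey in rows)

def overgranted(db):
    """(developer, branch) pairs reachable via a shared dummy user but never granted."""
    return db.execute(
        """SELECT DISTINCT a.developer, other.path FROM access a
           JOIN branch b ON b.path = a.branch
           JOIN branch other ON other.server = b.server AND other.owner = b.owner
           WHERE NOT EXISTS (SELECT 1 FROM access x
                             WHERE x.branch = other.path AND x.developer = a.developer)
           ORDER BY a.developer, other.path""").fetchall()

if __name__ == "__main__":
    db = sample_registry()
    print(authorized_keys(db, "host1", "bzr-grp1"), end="")
    print(overgranted(db))  # bob's key also opens branch b, which he was not granted
```

<div>Giving branch b its own dummy user empties the audit result, which is the one-user-per-branch arrangement the post describes.</div>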