| From: | Joerg Jaspert <joerg(at)debian(dot)org> |
|---|---|
| To: | Ian Jackson <ijackson(at)chiark(dot)greenend(dot)org(dot)uk> |
| Cc: | spi-general(at)lists(dot)spi-inc(dot)org |
| Subject: | Re: Meeting agenda bot, website, git, ssh |
| Date: | 2009-01-21 09:06:48 |
| Message-ID: | 87ocy1rpsn.fsf@vorlon.ganneff.de |
| Views: | Raw Message | Whole Thread | Download mbox |
| Thread: | |
| Lists: | spi-general |
>> > Is there one single access control setup for the whole thing, or are
>> > there several ? It would be nice to be able to let people edit the
>> > website without giving them the power to run code on the server, for
>> > example.
>> Noone gets access to the server directly. :)
>> (Well, in case someone needs access to a server, we can certainly
>> arrange things. But thats completly seperate from git access)
> If the code for something running on the server is kept in git then
> effectively everyone who can write to the git can run code on the
> server, because even if pushing to the running copy is manual no-one
> will review every diff.
Are we up to splitting hairs now? :)
So, for that:
Noone except us admins has shell access to the box the git repo is on.
Yes, of course, if you can commit stuff you can commit bad things too.
Somehow thats (technically) not avoidable. Unless you want one of us
admins play gatekeeper, and *I* sure not want to add such a
restriction.
--
bye, Joerg
[Kaffeemaschinen und Babies]
Funktioniert aber so ähnlich: Du füllst oben was rein und unten kommt's braun raus...
-- Martin Würtele
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Jackson | 2009-01-21 10:27:51 | Re: Meeting agenda bot, website, git, ssh |
| Previous Message | Ian Jackson | 2009-01-20 11:22:27 | Re: Meeting agenda bot, website, git, ssh |