ACLs and hgweb?
Jesse Glick
jesse.glick at sun.com
Wed Feb 27 15:54:17 CST 2008
Jeffrey Cunningham wrote:
> What about a system that takes its authorization list with it?
> Perhaps in some encrypted form? There could be a core person or group
> of persons who can add (or subtract), say, read or write privileges
> users. It could involve some kind of 'web of trust' like PGP.
I believe Monotone does something like this. Perhaps a similar system
could be implemented as a Mercurial extension if there is enough
interest. It would be interesting; you could pull promiscuously from
various sources but only selectively merge your own branch(es) with
heads signed by people you trust.
Anyway for the simple case of hgwebdir serving several repositories, it
is not difficult to set up per-repo ACL for push at least. You just make
Apache authenticate using HTTP basic authentication, then define a
separate web.allow_push list for each repo in its .hg/hgrc.
I have not heard of attempts to restrict view or pull access, but
perhaps you could do this with Apache configuration to permit access to
certain URLs to certain principals only.
More information about the Mercurial
mailing list