[Geany] Common SVN repository for plugins

Enrico Tröger enrico.troeger at xxxxx
Sun Jan 6 16:27:08 UTC 2008 

On Fri, 4 Jan 2008 12:09:49 -0600, "Jeff Pohlmeyer"
<yetanothergeek at gmail.com> wrote:

> > Well, IIRC there is no way at sourceforge to finetune
> > access permissions of the SVN repo, everyone who has
> > write access can write all files in the repo. But I
> > think this isn't a problem as long as nobody commits
> > any code in paths where he shouldn't.
> 
> Hmmm.. I thought maybe you could to set up restrictions
> for various users and directories. Of course it's up to you,
I just had a look at the admin area on SF and I can only give SVn write
access to SF users but I can't say user John is allowed to write in
directory geany_plugins and user Jane is allowed to write in directory
geany. If one has write access, he has write access to the whole
repository.

> but it seems like it might turn into a real administrative
> nightmare, whether to allow John Doe write access to the
> entire repository for his new coffeemaker plugin, or risk
> hurting his feelings by rejecting it.
Hmm, I thought it might work by saying you can technically write to
everything in the repository but you are only responsible for your
plugin code and have to left all other things as they are. We are not
talking about anonymous right access, only to user who are registered
at SF and who I(or Nick) added to the Geany project as developers. But
maybe there is another, better solution for all this. Maybe by creating
an extra SF project explicitly for Geany plugins. Or we just forget all
about this and every plugin author has to decide on its own whether and
where he use a version control system.
The idea behind this was only to offer the possibility to use our SVN
repo in case the author want to use own and doesn't have the ability to
use a version control system anywhere else.
Just to mention it there is http://repo.or.cz/ where one can create a
GIT repository for free.

> > There is another problem with installing binaries from
> > the net: security.  A security aware user shouldn't
> > install or use any binaries without proper verification.
> 
> Which I think also argues for keeping SVN commit access to
> a bare minimum.
Well yes and no. Basically you are right but if anyone would commit any
crap to geany itself without any confirmation we at least see what he
has done in the commit messages. There is a commit mailing list
(http://uvena.de/cgi-bin/mailman/listinfo/geany-commits) which is at
least read by me and Nick and so we see that someone has committed
something and in case it's really bad we can revert it and remove the
write access of this user.


Regards,
Enrico

-- 
Get my GPG key from http://www.uvena.de/pub.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.geany.org/pipermail/users/attachments/20080106/13d6281e/attachment.pgp>

More information about the Users mailing list