On Fri, 4 Jan 2008 12:09:49 -0600, "Jeff Pohlmeyer" yetanothergeek@gmail.com wrote:
Well, IIRC there is no way at sourceforge to finetune access permissions of the SVN repo, everyone who has write access can write all files in the repo. But I think this isn't a problem as long as nobody commits any code in paths where he shouldn't.
Hmmm.. I thought maybe you could to set up restrictions for various users and directories. Of course it's up to you,
I just had a look at the admin area on SF and I can only give SVn write access to SF users but I can't say user John is allowed to write in directory geany_plugins and user Jane is allowed to write in directory geany. If one has write access, he has write access to the whole repository.
but it seems like it might turn into a real administrative nightmare, whether to allow John Doe write access to the entire repository for his new coffeemaker plugin, or risk hurting his feelings by rejecting it.
Hmm, I thought it might work by saying you can technically write to everything in the repository but you are only responsible for your plugin code and have to left all other things as they are. We are not talking about anonymous right access, only to user who are registered at SF and who I(or Nick) added to the Geany project as developers. But maybe there is another, better solution for all this. Maybe by creating an extra SF project explicitly for Geany plugins. Or we just forget all about this and every plugin author has to decide on its own whether and where he use a version control system. The idea behind this was only to offer the possibility to use our SVN repo in case the author want to use own and doesn't have the ability to use a version control system anywhere else. Just to mention it there is http://repo.or.cz/ where one can create a GIT repository for free.
There is another problem with installing binaries from the net: security. A security aware user shouldn't install or use any binaries without proper verification.
Which I think also argues for keeping SVN commit access to a bare minimum.
Well yes and no. Basically you are right but if anyone would commit any crap to geany itself without any confirmation we at least see what he has done in the commit messages. There is a commit mailing list (http://uvena.de/cgi-bin/mailman/listinfo/geany-commits) which is at least read by me and Nick and so we see that someone has committed something and in case it's really bad we can revert it and remove the write access of this user.
Regards, Enrico