[darcs-users] Access control

[Erik Schnetter]

Hi,

we (numrel.aei.mpg.de) have many cooperations with other institutions 
and people, and we currently use a hack built out of CVS, pserver, and 
AFS to manage who has access to what repository, of which we have many.  
This does the job, but it turns out to be a nightmare to administer.  
On top of that, CVS uses the pserver protocol which is not really 
secure.

What access control mechanism do you use for your repositories?  How do 
you administer this?

For darcs, I know that you can use gpg-signed emails for fine grained 
write access control.  Http provides neat world-wide read access, but 
how would you handle repositories that should not be available to 
everybody?  We currently use ssh-based access control for a project 
that is managed through darcs (www.carpetcode.org), but this does not 
differentiate between read and write access.



The features that we are looking for are:

1. Works for many repositories, not just one or three

2. Not only write but also read access can be controlled

3. Should be easy to administer, possibly by the project leader without 
help from an expert

4. Should be easy to use for the end user (we're currently already 
fighting an uphill battle for making people switch both from CVS to 
darcs and from pserver passwords to ssh keys at the same time; people 
have inertia)

Are we the only institution with such a problem?

-erik

-- 
Erik Schnetter <schnetter at aei.mpg.de>   http://www.aei.mpg.de/~eschnett/

My email is as private as my paper mail.  I therefore support encrypting
and signing email messages.  Get my PGP key from www.keyserver.net.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20050429/b16b8ed3/attachment.pgp