fine-grained access control

[Matt Mackall]

On Thu, Apr 27, 2006 at 11:02:17AM -0700, Danek Duvall wrote:
> The ON gate is split into different pieces, depending on who is allowed to
> look at it.  As part of the opensolaris project, the gate was split into an
> open and a closed side (usr/src and usr/closed, respectively), where
> everything under usr/closed was not allowed to be published on
> opensolaris.org.  In addition, we have a couple of other adjunct gates
> which even most people at Sun aren't supposed to have access to, and so
> they're in completely different teamware workspaces, and not widely
> available.

The most feasible thing to do is to have separate repos for each side.
No magic required, greatly reduced risk programmatic or user error.
The only downside is that commits across the two won't be atomic. And
arguably this is actually a good thing.

Permission-based schemes are not going to work well with Mercurial.
It's decentralized so there's no good point at which to enforce
permissions without burying everything knee-deep in public key magic.
And dividing access along subdirectories (as opposed to punching holes
in history at the changeset level) definitely cuts against the grain
of Mercurial's design.

-- 
Mathematics is the supreme nostalgia of our time.