By: Δημήτρης Γλέζος

Δημήτρης Γλέζος — Thu, 26 Jul 2007 18:47:20 +0000

Right, besides imposing ACLs on the VCS side, module maintainers have the choice to do so on the transifex side with a regex. This way, only the relevant files (eg. po/*.po, po/Changelog, po/LINGUAS) are presented to the translator.

Of course, as you already mentioned, this is orthogonal to the SSH keys: it works just in the web system. But it certainly controls a lot what one can and cannot do in the standard procedures of the web system.

By: Colin Walters

Colin Walters — Thu, 26 Jul 2007 02:47:32 +0000

Not sure if this was mentioned (or implemented) before but – somewhat orthogonal to your concerns about SSH keys, I would try to ensure that the system limits what can be committed; e.g. only changes to po/*.po.

If you implement this as a separate process (the one with access to the ssh keys), it seems reasonably safe.

Comments on: Transifex and SSH keys

By: Δημήτρης Γλέζος

By: Colin Walters