Private repositories

For a long time, people have asked that Gitorious support a fine-grained permissions system where repositories can be made private and access granted only to select users/groups. We have decided to develop this feature for Gitorious, and we need your help.

Some of you may know of the infamous merge request #115. This partially solves the problem at hand, but unfortunately not in a way that we can accept responsibility for. However, the discussion around this merge request spawned the idea of a fund-raiser, and that’s how we are going to do this.

How, what and when

Technically, this work will be based off of Rodrigo Rosas’ branch which replaces Gitorious’ authentication implementation with the Devise gem.

On top of this system we will implement role-based authorisation that extends to pushing and pulling git repositories, as well as scoping all user generated data on the web site (project information, repository activity, events of various kinds).

We will put as much authorization logic as possible in the generic layer already in place in Gitorious so that it can easily be utilized regardless of whether you are using database backed logins, LDAP or the upcoming Atlassian Crowd SSO support. This means you can use LDAP groups to manage access to Gitorious content.

We are ready to start this work early 2012, given proper funding. We have estimated this feature to roughly 4 weeks of work. Using our reduced hourly rate offered to Local Install customers, this comes out to $24000.

Private repositories will be developed and shipped as part of Gitorious mainline. It will not be offered as a free service on gitorious.org. This means we will ship some sort of configuration switch controlling whether or not this system is available in a given installation.

Is your company interested in using this feature? How about helping funding it? Get in touch, let us know the amount you would like to contribute, and if you have any specific features you would want us to account for. You can help fund this project anonymously if you so wish, but we recommend you allow us to tell the world what a great company you are for helping a free software project becoming even better!

Any contribution is appreciated. Email support@gitorious.org if you are interested. I will keep you guys updated on the donation progress here on the blog.

17 Comments

  1. Posted December 12, 2011 at 7:17 pm | Permalink

    What about placing a “Donate” button or something like using paypal?

    This way the community (not only companies) can give their contribution too.

    Phusion guys have implemented the “Passenger Enterprise” which is in fact a donatation program, where everybody who donates have their name on a big list, if they want.

    This is a not traditional way to do bussiness, but i think works well to.

    • Alexander Damhuis
      Posted December 13, 2011 at 8:37 am | Permalink

      I can only agree. Though i am an independent developer I work with others and we share code, etc.

      Gitorious is private at the moment in my installation, but I would love to open several projects/branches for public….

      Keeping it short – I am happy to donate some money, but I can not afford thousands. So if you guys provide a donation-opportunity count me in!

      Best regards,
      Alex

  2. Christian
    Posted December 14, 2011 at 10:23 am | Permalink

    A donate possibility for individuals would of course also be nice. Not my intention to block people out. I will get back with information on this.

  3. Waylon
    Posted December 20, 2011 at 8:49 pm | Permalink

    I’d be happy to donate personally if you open this up to individuals. Not saying I can give a lot but every little bit helps and I appreciate your work.

  4. 16aR
    Posted December 20, 2011 at 10:12 pm | Permalink

    Same for me :)

    For testing, I need to reinstall my server first. See you in a month :p

  5. Posted December 21, 2011 at 12:07 am | Permalink

    Thank you for the information you provide. very nice website

  6. Christian
    Posted December 21, 2011 at 12:45 pm | Permalink

    Quick update: Gitorious will have private repos next year! :) We have received donations that cover our entire estimate. We are very grateful for your support. More information will follow in January.

    Also, sorry for delaying on the personal contributions – we will set up a flattr account for those. Unfortunately/luckily we’ve been to busy in December to get around to it.

    Thanks again for your support!

  7. bryjeep
    Posted January 18, 2012 at 8:00 pm | Permalink

    Very happy to hear that this is going to happen. I have been following the Devise branch for a while now, because I like gitorious but I need more strict security. I need multiple groups each only able to see their own and these permissions we would want checked again LDAP server.

  8. bryjeep
    Posted February 1, 2012 at 4:29 pm | Permalink

    So whats been the progress on this, since the there was no updates in January.

  9. Fredrik
    Posted February 2, 2012 at 11:04 am | Permalink

    There’s a new branch in the git repo named private-repositories. I haven’t checked it out and have no idea about its working condition, but it looks lite they’ve started the development.

  10. Posted February 2, 2012 at 12:04 pm | Permalink

    I’m very happy to see that development on this has started. It’s a key feature that I’ve been looking forward to for ages. I’ll be keeping my eyes on this one for sure. Keep up the good work! :)

  11. Posted February 2, 2012 at 2:25 pm | Permalink

    Don’t forget to set up the Flattr account, as mentioned above. It takes 5 minutes. You could do it right now, instead of watching that ‘checking disks’ progress bar following the server upgrade. ;)

  12. Nomer
    Posted February 13, 2012 at 9:27 pm | Permalink

    “[Private repositories] will not be offered as a free service on gitorious.org”
    I’m perfectly fine with it not being free; however, I hope that some point I hope that you offer paid private repositories here (at gitorious.org)

  13. Posted February 23, 2012 at 4:12 pm | Permalink

    Quick update: Private repositories is now mostly working and almost there. Will post article next week.

    • bryjeep
      Posted February 25, 2012 at 5:31 pm | Permalink

      Sweet, looking forward to it.

  14. anish patel
    Posted March 29, 2012 at 9:07 pm | Permalink

    Can i donate to get a manual written for the darn thing? say 500 bux for a write up? or would it be more?

    • Christian Johansen
      Posted March 29, 2012 at 9:11 pm | Permalink

      A manual for what? Private repositories? Could you be a little more specific?


4 Trackbacks

  1. By Git at Magnolia | Greg’s ramblings on December 28, 2011 at 6:02 pm

    [...] in a few departments for us (most notably the private repositories – but there is finally progress on that front); it is quite monolithic, and I don’t feel comfortable dabbling in its codebase (as opposed [...]

  2. [...] — очередной git-хостинг. К сожалению, не поддерживает закрытые репозитории, HTTPS, а также имеет довольно странный интерфейс. Зато [...]

  3. By Private repositories « The Gitorious Blog on February 29, 2012 at 8:20 am

    [...] December’s request for donations, I’m happy to announce that the first version of Gitorious private repositories is now [...]

  4. [...] a company using Gitorious internally. A few months later, we asked for help from the community in implementing support for private repositories in Gitorious, a feature which landed in Gitorious mainline last [...]

Post a Comment

Required fields are marked *

*
*

Follow

Get every new post delivered to your Inbox.

Join 719 other followers

%d bloggers like this: