After December’s request for donations, I’m happy to announce that the first version of Gitorious private repositories is now available for testing.
What is it?
With the new private repositories feature, you can allow users of your Gitorious installation to control who gets access to their projects and repositories. Create private projects where you invite only the members of your team to collaborate, protect only certain repositories until they are mature enough, or what have you. See the wiki for a full description.
Note that private repositories is an opt-in feature, and will not be available on gitorious.org.
How does it work?
When creating new projects and repositories, you will be given the option to make them private:
Projects can retroactively be made private by clicking the “manage access” button in the right column on the project page:
Repositories can retroactively be made private by clicking the “manage read access” button in the right column on the repository page:
When managing access to a project or repository, you can make it private simply by clicking the “make private” link:
When a project or repository has been made private, you can add and remove collaborators (users and teams) using the same kind of UI that is used to add committers to a repository:
Private repositories will ship with Gitorious 2.2.0. Currently, it’s available on the private-repos branch. To take it for a spin, please follow the instructions in the wiki. We would love feedback on this feature – bugs, UI things, whatever, so we can hone it before merging it back onto master.
If you discover any issues with the solution, please report bugs. We will merge the feature onto master within a week or two, depending on feedback from the community. If you intend to use this feature, please try it out now.
Integration with LDAP ++
The current implementation of private repositories only authorizes users using the database. However, as other authorization mechanisms in general, and LDAP in particular, was clearly desired by the community, the implementation is designed to take pluggable authorization strategies. The API for this may need a few more tweaks, but will be documented in the wiki as well shortly. If you intend to try integrating authorization with a third-party system, get in touch (mailing list, irc, here, whatever).
Private repositories is a community funded feature. I want to express our sincere gratitude to everyone who reached out to us and helped us deliver this feature.