== BEFORE NEXT RELEASE == == BEFORE FIRST RELEASE! == [ ] Increment usage on keys should be done by events, with a predefined interval to not kill the database. [ ] Uploading/deleting a key will generate an event. [ ] Add first usage of ssh keys. [ ] Add count of usage for ssh keys. [ ] Reorder ssh keys by usage to speed up ssh login. [ ] In documentation, because of SELinux, we may want to restart some services. At least: xinetd, cron etc. Probably not, but I must test this. [ ] Check if adding/editing a bug generates notifications correctly. Maybe use a global function for notify_one. [ ] When we cannot process an event, mark it as failed and do not touch it again. [ ] Big confusion! An logged in user has a different ID than the one of the repo and it may have admin rights! Audit everything (rg_ui/login_ui/$uid). [ ] Checking mtime of event.php is not enough. Maybe checking version. Think of includes that may change. [ ] Checking for "rg_ui['uid'] == 0" may not be enough. Maybe rg_ui[['uid'] = repo['uid']? Or, everywhere add 'uid = ?' in queries. [ ] All operations must be verified with tokens. [ ] Check if we can give rights for a non-owning repo! We should check if the user that gives rights is the owner or has admin rights! == Medium == [ ] Add groups. [ ] We should warn the user if some users have lower rights than the default! [ ] Auto-create repos at clonse phase, not only at push phase. [ ] The link to a note should have an anchor to be able to go directly to the note. [ ] bug tracker is private? If the repo is, it should be also. [ ] When you watch a project, a note add to a bug will notify that watcher? Or we limit to edit/add/close bugs? [ ] We should also add organization/user next to repo in e-mails. [ ] Feature to be able to mark a note and the rest under it as read? [ ] Return error in rg_*_info( when you do not have access? [ ] SELinux: is not clear how I use SourceX: for .if/.te/.fc. [ ] SELinux: what about rocketgit_t access to postgresql through apache? [ ] Check why only 'tageted' policy is installed. [ ] Should I move the socket to /var/run (using tmp.d)? [ ] Use (organization, user, repo) instead of user/repo only. [ ] Bug:List: saved searches with spaces inside the name are not correctly escaped. Use _ instead of space, or properly escape it (ugly: %20 etc.)? [ ] "if ($res === FALSE) break" must set the error message! [ ] Carefull order the events. We do not want to build list notifications before adding a user to the watch list. [ ] If description is empty, do not insert a \n in 'new repo' e-mail. [ ] Remove last form in PHP: user.form.php. [ ] Current menu is not correctly shown as selected. [ ] If the confirmation code is truncated, an internal error is generated instead of a user error! [ ] Third option: anybody can create an account but must be validated by admin. [ ] After creating the account, keep the user logged in and allow login even if is not confirmed (option in config). [ ] 'application_name' must be set something like rocketgit-q/web/etc. [ ] When I close a bug, seems I add myself to the watch table again! [ ] Should we load the lables in rg_bug_info? [ ] Do we need a rg_bug_cosmetic for notes/users/repos/etc? [ ] when rights are revoked, also the watch list must be checked. [ ] When adding a note, add also a checkbox to watch that bug? [ ] Integrate remote_add.html. [ ] When I edit a bug, should I remove notes and add_note form? [ ] Add possibility to add/remove labels when adding a note? [ ] Bugs: show what filtering is active. [ ] Seems I cannot push to rg1! Do an update and check again? [ ] Bug: Do not allow adding labels if you do not have admin rights. [ ] Bug: Do not allow close/assign/etc. if you do not have admin rights. [ ] Menu must be loaded from template. [ ] Remove any HTML from code. [ ] List on the first page the latest commits. Do not forget to exclude private repos. [ ] Should we expire the reset password token? Why? Somebody can request another one! [ ] It is not clear that the owner has full rights (repo->admin->edit). [ ] Allow editing of bug searches. [ ] Admin: add a feature to become any user. This way we will not duplicate a lot of code for editing users/repos/etc. Allow admin to switch identities at will. [ ] Admin: add a feature to reset all passwords. [ ] Forgot link must use paras and not a parameter. This way we short the URL. Maybe send both HTML and plain e-mails? [ ] Check best practices for salt/pass/forgot pass etc. [ ] Create a unique index on users(username,organization)? [ ] We have a little problem: we need the ssh keyring to regenerate fast but we may have a big events queue. We may want to signal directly the regeneration script and to not store mark-dirty state. Hm. [ ] Optimize keyring invalidation. [ ] Put "create user" on login page! [ ] We should make stuff more robust. For example: CREATE REPO + HISTORY_INSERT. [ ] What happens if we unlock an unlocked resource? [ ] We have to record the renaming in the repo history. [ ] What happends if a user is doing a downgrade? Must not allow it. [ ] Use another home page for logged in users. [ ] repo_invalidate_cache does an implode that can reorder. Use repo_id as key? No. But use some combinations of paras. [ ] Why we use "FOR UPDATE" on 'events' table?! events.php is the only user. [ ] We need to parallelize the event processing. [ ] We need to add organization parameters next to repo_name! [ ] Check if there are unused parameters after name2base(_path). [ ] Remove any trace of $rr. [ ] After the switch from username to uid, should we pass uid into forms? [ ] How to deal with browser accessing an old name (after rename)? [ ] repo.php tests does not say "ok". [ ] Functions from util.inc.php set rg_util_error(). Use it. [ ] Remove all "exit(?)" calls. [ ] Locking is done in global dirs for tests. Use a local folder! [ ] We must provide a way to propagate errors from events! [ ] repo.inc should not depend on user.inc! [ ] rg_repo_info will have almost the same paras as rg_user_info! [ ] Add a maximum time to keep logs. [ ] Do not allow double ssh keys in database! Because when we output them in authorized_keys ssh will use the first one! [ ] Move everything 1 month back to simulate next month for slave tables. Better, do a unit test. [ ] To not wake up many times (for every sub-event), cache what was done (or max(id)) and ignore that wakeups. Of course, W will become W<ev_id>. [ ] If session expired and the user is trying to access a repo page, PHP errors occures. I think is related to login_ui/repo_ui. [ ] Unify repo_create with repo_update, as user_*. [ ] Clean notification inputs before starting to work to not receive a lot of them after processing is done. [ ] Description should not be present anywhere (web). Takes space. [ ] Seems that ls \.\. works. Check from security pov. [ ] Profiling in not reentrant. We should use a stack! [ ] We should not store repo_id0 into cache! [ ] We are redirecting the user to history page. Do not wait for git dir! [ ] Implement a cache like event.php. [ ] Set a policy in config.php and do the cleaning/compress of the log files. [ ] Fix the mail headers (+dkim) to avoid spam. [ ] http://joeyh.name/blog/entry/git_push_over_XMPP/ (ialbescu) [ ] Graphics with database/table/index sizes. [ ] Add history also for user. [ ] template_table can deal with a FALSE para: load error.html file in list/ [ ] Put in history how many visitors received. Maybe only whn hitting some limits? [ ] Run shaX 1000 times for login? [ ] There is no back button in tree browsing. [ ] Allow users to have templates repo to be used when creating a new repo. Also define global templates. [ ] In logs we should log the version! [ ] GeoIP [ ] Specify a timeout for push/fetch. [ ] Describe also the instalation. [ ] Allow search from the first page. [ ] Send notifications when a user is given rights to a repo. [ ] Detect hexa strings and link them to commits. [ ] Any user on a machine can look at repositories. Any user can connect to database. Fix also the README after fixing this. [ ] Provide OpenVPN tunnels. [ ] Errors should signal what field is not ok. [ ] Replace all *.form.php with templates. [ ] Also log errmsg[] array! [ ] Do we need subop=1 into login.html? [ ] Add possibility to donload the "CV" of a user. [ ] Happy birthday for projects/users/etc. [ ] Check if if we remove rocketgit, the repos stay! [ ] Bug rights: add note, anonymous add note, add label, add global search. [ ] Allow user to specify if is on windows/linux/etc. to be able to give specific hints. Hm. THe user may have multiple OSs. [ ] The selected menu is not colored different. [ ] http://rg.embedromix.ro:8000/user/catab/a13/admin/rights?edit_uid=19 should give an error! [ ] Pay attention to: https://github.com/sitaramc/gitolite/wiki: Please DO NOT send me pull requests via github. Instead, send me an email saying what URL and what branch to pull. (The pull system forces a --no-ff even if the merge is at the top of my branch and doesn't need one. It also gives me no chance to fix up minor typos, add any more text to the commit message, etc. I can do that afterward, but this forces a "push -f" or a trivial "typofix" commit). [ ] We should have a 'domain' variable for virtual hosting and use them in paths for locks/queues/repos etc. [ ] Merge requests should use a shorter path? What if a merge request is for other branch? [ ] See diff for merge requests. [ ] On master, list clones. [ ] Configuration: switch for SSL only. [ ] Internal mailing list? Or internal mail? [ ] We should have a cron/q/remote for every config file! Or, at least, to be host aware. [ ] It may be needed to use preg_quote! [ ] Install text files in /usr/share/doc [ ] JUNK1/JUNK2: http://rg.embedromix.ro:8000/user/catab/rocketgit/commit/afd1df2..f919c9b [ ] rg_log: why the fd is NULL?! [ ] We are escaping when we insert in database _and_ when we output on screen! What should we do? [ ] Add permission to add bug tracker to a project. [ ] When repo is empty, we should not show the Log/Tree menu. [ ] @@branch@@ is not defined for merge requests. Should it? Probably yes, to filter them. [ ] Fix diff output. Cannot deal with renames/removes/etc. [ ] Check admin creatin of an account. [ ] Add possibility to reject merge requests, to apply, to delete etc. [ ] Do we need to escape some chars in console (ssh rocketgit@host repo X)? [ ] We need to switch to a template for the user form to get rid of a lot of mambo-jumbo with the _u array passed! [ ] Show the API on the webpage, exactly like Blender. [ ] We can pass in authorized_keys aslo the key id. Maybe for usage? [ ] Migrate to a single function to deal with a request so we can do better unit testing. [ ] We should have a 'policy' table where we have something like: ID max_speed max_users max_disk_space and every user is associated with such a policy, based on payments etc. Example: user X paid some money, and we assign it to level 2 Level 2 has 4 users, max 100MiB disk space, 1Mbit/s speed. He creates a repo and assigns 2 users to it. [ ] Notifications when disk space is low. [ ] Check webSSO for authentification. [ ] Check http://gitlist.org/ [ ] use do {} while(0) to respect profiling! [ ] Enforce Signoff-by lines per project (a new permission) = reject commits without signoff! Maybe, do it generic, allow a text field to enumerate what should be in a commit! Also, present a list with checkboxex: at least Signoff-by, Reported-by, Acked-by! [ ] Linus on why GitHub sucks: https://github.com/torvalds/linux/pull/17#issuecomment-5654674 [ ] Warn if commit messages are too long (no wrap). [ ] Allow the possibility to send an e-mail to mainteiner from web with a pull request [ ] Check https://github.com/torvalds/linux/pull/17#issuecomment-5654674 [ ] Merge requests e-mail: explanation of why to pull, diffstat! Maybe also the patch if is small. [ ] Check git-request-pull [ ] Show the size of a repository. Also when you ssh from terminal. See git-count-objects and http://stackoverflow.com/questions/8185276/find-size-of-git-repo. [ ] Logo for project. Blender? [ ] Default branch per project[/user]. [ ] Main language of the project. [ ] Web site for a project. [ ] == Normal priority == [ ] [ ] Show last time use of a ssh key, or how many times was used, or both. [ ] Add hint about "ssh rocketgit@server" to quickly find status etc. [ ] rg_redirect does not record profiling information! [ ] git bundle [ ] How to sign merge requests?! [ ] Signal, with red, if a key was uploaded in the last X days. [ ] Store in a cookie the last uid used, and if > 0, lookup e-mail and prefill forgot password e-mail field. Not good. An attacker may iterate over all uids. But, with a token will be nice! [ ] Yeah BitBucket's pricing is much better they only charge on the number of collaborators. [ ] Permit "log" to see more rows. [ ] Allow admin to upload keys for a user. [ ] Make an option to not allow a client to upload keys. Why? To restrict this to admin? [ ] Can we bypass ssh auth to allow pushes? This way maybe we can identify client by fingerprint. [ ] Use rg_git_diff_tree to test for path based restrictions. Also, take care of renmaes, copies etc. [ ] See Gerrit: https://codereview.qt-project.org/#change,22764 [ ] user-conf: option: auto-create-repo-on-push [ ] Use git push to do all kind of commands: create repo, delete repo, update description etc. [ ] Allow user to create a template for repositories. [ ] Optionally init a repo with some files (README, TODO etc.) [ ] Check https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html [ ] Add RocketGit to https://git.wiki.kernel.org/articles/g/i/t/GitHosting_2036.html [ ] Add a dependency on sendmail. [ ] Improve e-mails to not be considered spam. [ ] Statistics (number, tool etc.) for project access. [ ] For bugtracker use BerliOS as a starting point. [ ] Allow (anonymous) editing files on web and transform them in merge request. [ ] On the first page no search form! It is useless! [ ] Add stats for a repo. Some stuff is already in git.inc.php. [ ] Anti-spam: hide e-mail addresses! [ ] Check if a merge request was integrated (hm; what integrated means?!) and signal this in merge requests list? [ ] Add rg_branch_allow_chars and rg_tags_allow_chars. [ ] repo/tag|branch/<name> page should put next to the commit also the tag/branch. [ ] Order tags by mtime desc. [ ] rg_repos should be split in rg_repos and rg_var_lib. [ ] $blocks = explode("@@left@@-=ROCKETGIT=-@@left@@", $a) - seems that \0 is replaced! [ ] Changing repo name probably is not working right. [ ] Check XSRF attacks and other types. [ ] Validate e-mails. [ ] Take care of PHP's time limit to not interfere with the rest. [ ] Run update.php before rpm upgrade the scripts. [ ] Store by uid the repos, and make links to them. Make a function to rename a username. We have to keep track of renames so old links will still work. [ ] Differentiate between owner of a repository, currently logged in user and admin. [ ] Warn before deleting a repo! [ ] Switch all menus to templates. [ ] Check double slashes in URLs. [ ] Automatically create user on anonymous push? [ ] I am not sure I can reload xinetd and httpd from spec file [ ] Check SELinux context on /var/lib/rocketgit [ ] admin: "Lock all accounts" and "Reset password for all accounts and send mail". [ ] rg_repo_allow seems to not be used. [ ] Get memory statistics from /proc. [ ] Delay connection to database. [ ] Add support for refs/notes/ pushes. [ ] When logging _SERVER variables, log only the ones prefixed by ROCKETGIT_. [ ] Ask password when doing any critical change of the account and send mail. [ ] Add commercial posibility for VPNs to be sure you can push/fetch safely. [ ] Add a possibility (link shown in push message) to delete/update/etc. the merge request. [ ] Allow a nonstandard port for web. [ ] Put form error messages next to the label. [ ] favicon.ico is not in theme! Should we put it in HTML? [ ] Create unit testing for all functions. [ ] Test error code for rg_sql_query. [ ] Log $ret['errmsg'] for rg_exec [ ] Audit code to replace parts with rg_internal_error. [ ] Allow SSH keys per repository (only)? [ ] Allow remote 'gc' of a repo, besides an automatic one. [ ] Take care of caching of passwords. Maybe allow a purge of a file from browser? [ ] "Lock" button to temporary block access to repository. Only owner will have access. We may add also a text that will be output to clients. [ ] List chages introduced by a merge: git diff-tree --always [--cc] -m -p f7d5b5770f4c6b5a124dad6358bed310d56bf909 [ ] ACL per IP (only for private repos). [ ] Check pack-protocol.txt! [ ] When push is executed with success, show a nice message from RocketGit. [ ] Move is_private member in repo array, not test for empty on default rights [ ] Move default rights to rights table - I do not remember why. Maybe for consistency. Ah, yes, also to be able to set rights per branches and per files. [ ] Log files may be written per repo and per user, with locking... [ ] Push may be always allowed - but will be done as a merge request! Cool. Disk space accounting? [ ] We should make a repo dirty only if user pushed something with success. [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> [ ] "Add key" form may be joined with list keys command! [ ] Allow to recover a deleted repository. [ ] Deny access in all functions to deleted repositories. [ ] Count the numbers of clones/pushes/pulls. [ ] Add memcache caching for all database lookups. [ ] Allow to configure the limit of the patch size to prevent abuses. [ ] Allow to configure to refuse binary files. [ ] Add a repo_prop_set/get function that will set/get a file in .git folder. This way we can speed up some lookups (no need for database). Hm. [ ] When we delete a repository, we will do repo_prop_set(repo, disabled) and we will return OK, in the background we will do the removing. Do not forget to also remove clones. Hm. [ ] E-mail aliases section. [ ] User details section (blog, avatar, mail notifications). [ ] Check if user is over-quota on push. [ ] The cron will have to: [ ] Compute disk usage, ignoring hard links. Hm. Probably we will add only the owner, even if the files have multiple links. TBD. [ ] [ ] UTF-8 checks of patches. [ ] W3C validation on all pages. [ ] Validate user and repo names. Probably other things. [ ] What happens if a user is suspended? Do we allow forgot pass sending? [ ] Do not allow session updates/any command if user is suspended after his/her login. [ ] Timeout for connections (ssh/git-daemon/etc.)! [ ] Check if we have to respect 4HEXA also on SSH. I think not. [ ] Limit number of simultaneously connection per repo and per user. Maybe also the time! [ ] Allow multiple virtual hosts, with different configurations. [ ] session_time should be set at login time? And/or default s_t should be set from database? [ ] Do not let user upload an already uploaded key. [ ] Do not permit more than X auth attempts per second. [ ] See prepare-commit-msg.sample - we can auto add a line to every commit. [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place? [ ] Limit number of commits per push. [ ] Compute disk_used_mb per user. [ ] Enforce disk quota. [ ] RSS [ ] Config file must be able to be set from a env var, to be able to run multiple instances of rocketgit on the same server. [ ] Smart HTTP transport [ ] Move forget pass token into users table. [ ] Audit all error messages to not propage usefull info to an attacker. Split in two error messages: one for logs and one for user. [ ] git-daemon connection - cannot get IP info? setenv? [ ] Do not show submenus if user is not logged in on repopage (ialbeascu) - duplicate menus?! maybe add an admin link in repopage that goes to repo. [ ] Nice graphic (unrelated to git): http://tctechcrunch2011.files.wordpress.com/2011/07/hadoop2.png?w=640 [ ] git-notes may be used to attach messages to commits. Nice. [ ] Store also the size of the patch along history/commit info. [ ] Check SELinux MLS [ ] Test if 'first_install' state is working correctly. [ ] Deal with empty repositories (rg_git_ls_tree etc.). [ ] Show age of an user/org/repo. Example: 1 year, 3 months, 4 days. [ ] The rewrite engine should pass a single op for user and for org, but with para org=0 or 1. This is to have the same page for both types of users. [ ] From: http://lwn.net/Articles/460376/ I can confirm that shortcomings with Gitorious' ACL systems were definitely one of the reasons we ended up deciding against it -- it's just not fine-grained enough and made it impossible to achieve the balance of project maintainer / repo manager autonomy and fool-proofness we wanted. gitolite makes us super-happy in that regard now, though. We use a Gitorious instance where I work. One thing that seems impossible to do is have custom hooks. Everything must go through Gitorious' global hooks. If there's a way around this (new version, black magic, whatever), I'd love to hear it. [ ] Allow git over TLS on a specific port (gits://...). [ ] KDE: http://news.ycombinator.com/item?id=2972107 [ ] To investigate how gitolite is dealing with pushes without custom daemon. [ ] Record in notes who pushed a commit first, for trace reasons? [ ] Add support for hooks/pre-receive-signature [ ] Work flows: Allow user to edit workflows. For example: - A merge request that is approved in a MR queue will make it automatically to the specified queues. [ ] At push time we may generate some nice informative output (commits, last time when current user commited etc.) [ ] Team suports [ ] Bulk add users/teams/repos/bugs/etc. == Low priority == [ ] If a user has no push access and creates merge request, but the owner pushed nothing, ssh cloning gives erros about HEAD not found. == Graphics == [ ] http://static.phpcloud.com/images/banner/phpcloudcom-spaceship-banner-970x404px.jpg [ ] == Versus == * http://www.wikivs.com/wiki/GitHub_vs_Gitorious * http://unfuddle.com/about/tour/plans * bitbucket.org * == To recheck == * http://techbase.kde.org/Projects/MovetoGit#Post_Update_hooks * == Rights management - to be implemented == - A user is trying to push some commits in a branch B, for a file F - The set of rights may be: Branch File Rights B2 dir/*.png FPA * dir2 A * * F