#
# Access Control Lists for TLD builder
#
# Format:
# 
# [login]: login of user, used in messages
# 
# gpg_emails: list of emails used in GPG signatures
#   Message is considered to be sent by this user if *any* of emails
#   listed is seen in "gpg: Good signature from ...<email>"
#   It is therefore important not to add any fake signatures to
#   keyring.
#
# mailto: where to send status notification for this user.
#   If not present gpg_emails[0] is assumed.
#
# privs: list of privileges. List is scanned left to right. If no
#   match is found access is denied. ! before item denies access.
#   Items have format <what-action>:<which-builder>[:<what-branch>],
#   where all three are shell wildcards and by default any branch is allowed.
#   <what-branch> may be only specified for: src, binary, ready and upgrade
#
# Actions:
#   src    -- build src rpm (only makes sense if <which-builder> is src 
#             builder)
#   binary -- build binary rpm
#   notify -- can send notification about build process on given builder.
#             Used in entries for binary builders.
#   ready  -- can start non-test builds
#   upgrade -- can start package upgrades
#   <number> -- minimum (highest) priority allowed (default: 10)
#
# Example:
# Allow access for binary builders, except for security builders.
# Also allow building src rpms (without it binary:* wouldn't make much 
# sense). Lowest priority allowe will be 3.
#
# [foo]
# gpg_emails = foo@tld-linux.org Foo.Bar@blah.com
# mailto foo-builder@blah.com
# privs = src:src !binary:security-* binary:* 3:*
#

[bin_builder_roke]
gpg_emails = bin_builder@roke.freak
privs = notify:*

[src_builder_roke]
gpg_emails = srpms_builder@roke.freak
privs = sign_queue:* notify:*

[malekith]
gpg_emails = malekith@tld-linux.org
mailto = malekith@roke.freak
privs = src:roke-src binary:roke-*:AC-branch