--- /dev/null
+#
+# Access Control Lists for PLD builder
+#
+# Format:
+#
+# [login]: login of user, used in messages
+#
+# gpg_emails: list of emails used in GPG signatures
+# Message is considered to be sent by this user if *any* of emails
+# listed is seen in "gpg: Good signature from ...<email>"
+# It is therefore important not to add any fake signatures to
+# keyring.
+#
+# mailto: where to send status notification for this user.
+# If not present gpg_emails[0] is assumed.
+#
+# privs: list of privileges. List is scanned left to right. If no
+# match is found access is denied. ! before item denies access.
+# Items have format <what-action>:<which-builder>[:<what-branch>],
+# where all three are shell wildcards and by default any branch is allowed.
+# <what-branch> may be only specified for: src, binary, ready and upgrade
+#
+# Actions:
+# src -- build src rpm (only makes sense if <which-builder> is src
+# builder)
+# binary -- build binary rpm
+# notify -- can send notification about build process on given builder.
+# Used in entries for binary builders.
+# ready -- can start non-test builds
+# upgrade -- can start package upgrades
+# <number> -- minimum (highest) priority allowed (default: 10)
+#
+# Example:
+# Allow access for binary builders, except for security builders.
+# Also allow building src rpms (without it binary:* wouldn't make much
+# sense). Lowest priority allowe will be 3.
+#
+# [foo]
+# gpg_emails = foo@pld-linux.org Foo.Bar@blah.com
+# mailto foo-builder@blah.com
+# privs = src:src !binary:security-* binary:* 3:*
+#
+
+[bin_builder_roke]
+gpg_emails = bin_builder@roke.freak
+privs = notify:*
+
+[src_builder_roke]
+gpg_emails = srpms_builder@roke.freak
+privs = sign_queue:* notify:*
+
+[malekith]
+gpg_emails = malekith@pld-linux.org
+mailto = malekith@roke.freak
+privs = src:roke-src binary:roke-*:AC-branch