+ - ``ACL_DEBUG``: Whether to print some output with information decisions are 

+   based on.

+ - ``ACL_PROTECTED_NAMESPACES``: List of namespaces where the extra strong 

+   protections are in place.

+ - ``BLACKLIST_RES``: List of regular expressions with refs that can never be 

+   pushed.

+ - ``ACL_BLOCK_UNSPECIFIED``: Whether to deny pushes to branches that aren't 

+   either RCM, SIG or supported branches.

+ - ``UNSPECIFIED_BLACKLIST_RES``: List of regular expressions with refs that 

+   can't be used if unspecified.

+ - ``RCM_BRANCHES``: List of regular expressions with refs that people in the

+   RCM group can push.

+ - ``RCM_GROUP``: The group containing RCM members

+ - ``SUPPORTED_SIGS``: List of groups that grant access to sig_prefix-$signame-*

+   refs.

+ - ``SIG_PREFIXES``: List of prefixes for SIG refs.

+ :: 

+ 

+    ACL_DEBUG = False

+    ACL_BLOCK_UNSPECIFIED = False

+    ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']

+    RCM_GROUP = 'relenggroup'

+    RCM_BRANCHES = ['refs/heads/f[0-9]+']

+    # Pushing to c* stuff is never allowed

+    BLACKLIST_RES = ['refs/heads/c[0-9]+.*']

+    # Pushing to (f|epel|el|olpc)(num+) that is not previously approved

+    # (supported branches) is not allowed.

+    UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',

+                                 'refs/heads/epel[0-9]+',

+                                 'refs/heads/el[0-9]+',

+                                 'refs/heads/olpc[0-9]+']

+ ::

+ 

+    SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]

+    SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]

+    

+    # Branches to which *nobody* will be able to push (basically Fedora)

+    BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]

+    

+    ### Specific ACO group that will have access to all protected branches with RWC rights

+    RCM_GROUP = 'centos-rcm'

+    RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]