-[foo]
-emails = foo@bar baz@qux
-privs = !binary:alpha binary:* *:athlon
+#
+# Access Control Lists for PLD builder
+#
+# Format:
+#
+# [login]: login of user, used in messages
+#
+# emails: list of emails used in GPG signatures
+# First email in this list is used for notification.
+# Message is considered to be sent by this user if *any* of emails
+# listed is seen in "gpg: Good signature from ...<email>"
+# It is therefore important not to add any fake signatures to
+# keyring.
+#
+# privs: list of privileges. List is scanned left to right. If no
+# match is found access is denied. ! before item denies access.
+# Items have format <what-action>:<which-builder>, where both are
+# shell wildcards.
+#
+# Actions:
+# src -- build src rpm (only makes sense in src:src)
+# binary -- build binary rpm
+# notify -- can send notification about build process on given builder.
+# Used in entries for binary builders.
+#
+# Example:
+# [foo]
+# emails = foo@pld-linux.org Foo.Bar@blah.com
+# privs = src:src !binary:security-* binary:*
+#
+# Allow access for binary builders, except for security builders.
+# Also allow building src rpms (without it binary:* wouldn't make much
+# sense)
+#
+
+[bin_builder_roke]
+emails = bin_builder@roke.freak
+privs = notify:*
+
+[src_builder_roke]
+emails = srpms_builder@roke.freak
+privs =
[malekith]
emails = malekith@roke.freak malekith@pld-linux.org