diff --git a/src/gitolite.pm b/src/gitolite.pm
index 9501257..fcc122f 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -75,14 +75,15 @@ sub check_ref {
 # codes etc., but for now we're happy to just die.
 my ($allowed_refs, $repo, $ref, $perm) = @_;
- for my $ar (@{$allowed_refs}) {
- my $refex = (keys %$ar)[0];
+ my @allowed_refs = sort { $a->[0] <=> $b->[0] } @{$allowed_refs};
+ for my $ar (@allowed_refs) {
+ my $refex = $ar->[1];
 # refex? sure -- a regex to match a ref against :)
 next unless $ref =~ /^$refex/;
- die "$perm $ref $ENV{GL_USER} DENIED by $refex\n" if $ar->{$refex} eq '-';
+ die "$perm $ref $ENV{GL_USER} DENIED by $refex\n" if $ar->[2] eq '-';
 # as far as *this* ref is concerned we're ok
- return $refex if ($ar->{$refex} =~ /\Q$perm/);
+ return $refex if ($ar->[2] =~ /\Q$perm/);
 }
 die "$perm $ref $repo $ENV{GL_USER} DENIED by fallthru\n";
 }
@@ -275,7 +276,7 @@ sub parse_acl
 $repos{$dr}{DELETE_IS_D} = 1 if $repos{$r}{DELETE_IS_D};
 $repos{$dr}{NAME_LIMITS} = 1 if $repos{$r}{NAME_LIMITS};
- for my $u ('@all', @user_plus) {
+ for my $u ('@all', "$gl_user - wild", @user_plus) {
 my $du = $gl_user; $du = '@all' if $u eq '@all';
 $repos{$dr}{C}{$du} = 1 if $repos{$r}{C}{$u};
 $repos{$dr}{R}{$du} = 1 if $repos{$r}{R}{$u};
diff --git a/src/gl-compile-conf b/src/gl-compile-conf
index d6d6dbf..a6064ee 100755
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -95,6 +95,9 @@ our %groups = ();
 # in between :)
 my %repos = ();
+# rule sequence number
+my $rule_seq = 0;
+
 # ... having been forced to use a list as described above, we lose some
 # efficiency due to the possibility of the same {ref, perms} pair showing up
 # multiple times for the same repo+user. So...
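Review bot: The loop in check_ref now dereferences every entry as an array (`$ar->[1]`, `$ar->[2]`), so a compiled config that still holds the old `{ refex => perms }` hashes would abort with Perl's generic "Not an ARRAY reference" rather than an access-control message. That fails closed, but gives the operator no hint that a recompile is needed; a guard before the sort such as `ref($_) eq 'ARRAY' or die "compiled config is in an old format, recompile\n" for @{$allowed_refs};` would say so. The positional indices also deserve a comment above the sort, e.g. `# entries are [ rule_seq, refex, perms ]; sort by rule_seq so rules are tried in the order they were compiled`. check_ref begins above this hunk.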
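Review bot: The `" - wild"` suffix added to the `for my $u (...)` list in parse_acl is a bare string that has to match, character for character, the one produced by the substitution in the parse_conf_file hunk of gl-compile-conf; a mismatch on either side would leave those permissions ungranted without any error. A comment on this line such as `# "$gl_user - wild" must match the " - wild" key suffix written by gl-compile-conf` would make the coupling visible. Whether a user name can itself end in `" - wild"` depends on name validation that is not shown here and should be confirmed. parse_acl starts and ends outside the hunk.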
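Review bot: The comment `# rule sequence number` above `my $rule_seq = 0;` does not say what the counter is for. Elsewhere in this diff it is stored as the first element of every pushed rule and check_ref sorts on it, so it decides the order in which rules, including `-` deny rules, are evaluated. Something like `# counter stamped on each rule as it is parsed; check_ref sorts on it to evaluate rules in config order` would record that.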
@@ -286,8 +289,9 @@ sub parse_conf_file
 # that do *not* use NAME limits. Setting a flag that
 # can be checked right away will help us do that
 $repos{$repo}{NAME_LIMITS} = 1 if $ref =~ /^NAME\//;
- push @{ $repos{$repo}{$user} }, { $ref => $perms }
- unless $rurp_seen{$repo}{$user}{$ref}{$perms}++;
+ my $p_user = $user; $p_user =~ s/(creator|readers|writers)$/$1 - wild/;
+ push @{ $repos{$repo}{$p_user} }, [ $rule_seq++, $ref, $perms ]
+ unless $rurp_seen{$repo}{$p_user}{$ref}{$perms}++;
 }
 }
 }
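Review bot: The substitution `s/(creator|readers|writers)$/$1 - wild/` is anchored only at the end, so it rewrites any `$user` value that merely ends in one of those words (an ordinary account whose name ends in "writers", for example) and files that account's rules under the ` - wild` key. Because this key decides which rule list a user is later matched against, the pattern should match only the exact placeholder tokens: anchor the start as well, and use `\z` in place of `$`, which also accepts a trailing newline. The exact form the placeholder takes in `$user` is not visible in this hunk, so the anchored pattern has to be written against that. parse_conf_file starts above the hunk.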