bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preventing mistakenly deleting branch tags


From: Donald Sharp
Subject: Re: Preventing mistakenly deleting branch tags
Date: Mon, 4 Jun 2001 12:43:54 -0400
User-agent: Mutt/1.2.4i

On Mon, Jun 04, 2001 at 09:08:47AM -0700, Stephen Cameron wrote:
> 
> --- Donald Sharp <sharpd@cisco.com> wrote:
> > On Mon, Jun 04, 2001 at 07:09:18AM -0700, Stephen Cameron wrote:
> > > 
> > > --- Donald Sharp <sharpd@cisco.com> wrote:
> > > regarding my patch about deleting branch tags.
> > > 
> > > > This doesn't stop people from pulling the trigger.  It just makes
> > > > it annoying and the user will definately figure it out.
> > > > 
> > > [...]
> > > Yeah, my intent was only to help prevent accidental deletion of branch
> tags.
> > > If a misguided user is bent on deleting a branch tag, my patch wouldn't
> stop
> > > them.  Extending your analogy, my patch is like a safety switch on a gun.
> > 
> > Except it only stops one tiny little misbehaviour on the users part.
> > Do you really want to add a new command line switch for every tag'ing
> > issue you would like to restrict?
> > 
> [...]
> > > 
> > > Hmm, it occurs to me that "cvs tag -F" which can move a tag should 
> > > probably
> be
> > > a bit wary of moving branch tags too.  I've had novice users in the past
> commit
> > 
> > This makes my point for me.  are you going to add another command line 
> > switch to the process to control this action?
> > 
> > It's better to define a certain class of commands that we don't
> > want ordinary cvs users to do.
> [...]
> 
> I think these are two independent goals.  I am saying it would be nice if guns
> had a safety so you don't accidently shoot yourself in the foot.  I think you
> are saying only certain people should have guns, so they can't shoot you or me
> in the foot. :-)
> 
> Now, you may have some ideas about how my (probably unoriginal) idea for a
> safety switch should be implemented, but I don't think it should be tied in
> with the "gun-licensing", since even experienced users are subject to
> accidents.

My point was that, Adding a command line parameter to cvs to every 
command that you want to restrict isn't going to be easy or consistent.  
You are going to have to use different switches for different commands.
Plus once users start figuring out the command line switch to allow it
they will always use it.  The command line switch saying it's ok
will not work in the long run and will not prevent people from
doing bad things.  It's not security.  It's obscurity.

Having the ability to restrict cvs commands to certain users is
maintainable and provides a much better security blanket.

donald


> 
> The "safety switch" seems pretty easy to implement.  The "gun-licensing" does
> not.  Also, it's not clear that a user configurable gun-licensing scheme would
> be practical _in most shops_ as a user who is given enough power to be useful
> is also given enough power to wreak havoc.  Of course you should feel free to
> hack away on it though.
> 
> [...]
> -- steve
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35 
> a year!  http://personal.mail.yahoo.com/
> 
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs



reply via email to

[Prev in Thread] Current Thread [Next in Thread]