Re: Preventing mistakenly deleting branch tags

[Stephen Cameron]

--- Donald Sharp <sharpd@cisco.com> wrote:
> On Mon, Jun 04, 2001 at 09:08:47AM -0700, Stephen Cameron wrote:
[...]
> My point was that, Adding a command line parameter to cvs to every 
> command that you want to restrict isn't going to be easy or consistent.  
> You are going to have to use different switches for different commands.
> Plus once users start figuring out the command line switch to allow it
> they will always use it.  The command line switch saying it's ok
> will not work in the long run and will not prevent people from
> doing bad things.  It's not security.  It's obscurity.

You're right, it's not security.  It's safety.

It prevents this mistake:
cvs tag -d sometag
"Oh crap, I meant to type someothertag!  sometag is my branch tag!!! ^C^C^C^C"

Your proposal does not address this problem at all, yet it is an instance of
the main problem which I am trying to address.  We have two different goals: 
My goal: prevent _accidental_ move/delete of branch tags.  Your goal: prevent
_intentional_ move/delete of (any?) tags, and more generally, restrict various
random CVS commands to various random users at administrator's discretion.

These two goals are independent.  You could have either, both, or neither.
> 
> Having the ability to restrict cvs commands to certain users is
> maintainable and provides a much better security blanket.

and it solves a different problem than I'm trying to solve.

-- steve






__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/