[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preventing mistakenly deleting branch tags

From: Donald Sharp
Subject: Re: Preventing mistakenly deleting branch tags
Date: Mon, 4 Jun 2001 15:22:35 -0400
User-agent: Mutt/1.2.4i

On Mon, Jun 04, 2001 at 12:01:21PM -0700, Stephen Cameron wrote:
> --- Donald Sharp <sharpd@cisco.com> wrote:
> > On Mon, Jun 04, 2001 at 09:08:47AM -0700, Stephen Cameron wrote:
> [...]
> > My point was that, Adding a command line parameter to cvs to every 
> > command that you want to restrict isn't going to be easy or consistent.  
> > You are going to have to use different switches for different commands.
> > Plus once users start figuring out the command line switch to allow it
> > they will always use it.  The command line switch saying it's ok
> > will not work in the long run and will not prevent people from
> > doing bad things.  It's not security.  It's obscurity.
> You're right, it's not security.  It's safety.
> It prevents this mistake:
> cvs tag -d sometag
> "Oh crap, I meant to type someothertag!  sometag is my branch tag!!! ^C^C^C^C"

Your proposal doesn't stop this( adding another command line switch
doesn't stop people from typing the wrong branch/tag name. ).
There is nothing that can ever stop the accident from happening.

> Your proposal does not address this problem at all, yet it is an instance of
> the main problem which I am trying to address.  We have two different goals: 
> My goal: prevent _accidental_ move/delete of branch tags.  Your goal: prevent
> _intentional_ move/delete of (any?) tags, and more generally, restrict various
> random CVS commands to various random users at administrator's discretion.

I'll still argue that your goal and proposed solution does not prevent
accidental move/deletion of branch tags.  It's still to easy for 
a user to do this.....

There's a reason we have trusted users in unix( which is why I 
modeled my solution after this behaviour ).  The goal/hope is that
the trusted user can either a) not do a bad thing or b) quickly fix
a mistake or c) recognize they made a mistake and know enough to
stop and scream for help.  I get none of these when I allow
anyone to do anything they want to the repository.

I can never implement a solution that stops accidents from happening.
I can reduce them by giving the power only to users who actually
understand what they are doing.

> These two goals are independent.  You could have either, both, or neither.
> > 
> > Having the ability to restrict cvs commands to certain users is
> > maintainable and provides a much better security blanket.
> and it solves a different problem than I'm trying to solve.
> -- steve
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35 
> a year!  http://personal.mail.yahoo.com/
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs

reply via email to

[Prev in Thread] Current Thread [Next in Thread]