Re: Preventing mistakenly deleting branch tags

[Donald Sharp]

On Mon, Jun 04, 2001 at 12:01:21PM -0700, Stephen Cameron wrote:
> 
> --- Donald Sharp <sharpd@cisco.com> wrote:
> > On Mon, Jun 04, 2001 at 09:08:47AM -0700, Stephen Cameron wrote:
> [...]
> > My point was that, Adding a command line parameter to cvs to every 
> > command that you want to restrict isn't going to be easy or consistent.  
> > You are going to have to use different switches for different commands.
> > Plus once users start figuring out the command line switch to allow it
> > they will always use it.  The command line switch saying it's ok
> > will not work in the long run and will not prevent people from
> > doing bad things.  It's not security.  It's obscurity.
> 
> You're right, it's not security.  It's safety.
> 
> It prevents this mistake:
> cvs tag -d sometag
> "Oh crap, I meant to type someothertag!  sometag is my branch tag!!! ^C^C^C^C"

Your proposal doesn't stop this( adding another command line switch
doesn't stop people from typing the wrong branch/tag name. ).
There is nothing that can ever stop the accident from happening.

> 
> Your proposal does not address this problem at all, yet it is an instance of
> the main problem which I am trying to address.  We have two different goals: 
> My goal: prevent _accidental_ move/delete of branch tags.  Your goal: prevent
> _intentional_ move/delete of (any?) tags, and more generally, restrict various
> random CVS commands to various random users at administrator's discretion.

I'll still argue that your goal and proposed solution does not prevent
accidental move/deletion of branch tags.  It's still to easy for 
a user to do this.....

There's a reason we have trusted users in unix( which is why I 
modeled my solution after this behaviour ).  The goal/hope is that
the trusted user can either a) not do a bad thing or b) quickly fix
a mistake or c) recognize they made a mistake and know enough to
stop and scream for help.  I get none of these when I allow
anyone to do anything they want to the repository.

I can never implement a solution that stops accidents from happening.
I can reduce them by giving the power only to users who actually
understand what they are doing.

donald
> 
> These two goals are independent.  You could have either, both, or neither.
> > 
> > Having the ability to restrict cvs commands to certain users is
> > maintainable and provides a much better security blanket.
> 
> and it solves a different problem than I'm trying to solve.
> 
> -- steve
> 
> 
> 
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35 
> a year!  http://personal.mail.yahoo.com/
> 
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs