[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Preventing mistakenly deleting branch tags
From: |
Donald Sharp |
Subject: |
Re: Preventing mistakenly deleting branch tags |
Date: |
Mon, 4 Jun 2001 15:22:35 -0400 |
User-agent: |
Mutt/1.2.4i |
On Mon, Jun 04, 2001 at 12:01:21PM -0700, Stephen Cameron wrote:
>
> --- Donald Sharp <sharpd@cisco.com> wrote:
> > On Mon, Jun 04, 2001 at 09:08:47AM -0700, Stephen Cameron wrote:
> [...]
> > My point was that, Adding a command line parameter to cvs to every
> > command that you want to restrict isn't going to be easy or consistent.
> > You are going to have to use different switches for different commands.
> > Plus once users start figuring out the command line switch to allow it
> > they will always use it. The command line switch saying it's ok
> > will not work in the long run and will not prevent people from
> > doing bad things. It's not security. It's obscurity.
>
> You're right, it's not security. It's safety.
>
> It prevents this mistake:
> cvs tag -d sometag
> "Oh crap, I meant to type someothertag! sometag is my branch tag!!! ^C^C^C^C"
Your proposal doesn't stop this( adding another command line switch
doesn't stop people from typing the wrong branch/tag name. ).
There is nothing that can ever stop the accident from happening.
>
> Your proposal does not address this problem at all, yet it is an instance of
> the main problem which I am trying to address. We have two different goals:
> My goal: prevent _accidental_ move/delete of branch tags. Your goal: prevent
> _intentional_ move/delete of (any?) tags, and more generally, restrict various
> random CVS commands to various random users at administrator's discretion.
I'll still argue that your goal and proposed solution does not prevent
accidental move/deletion of branch tags. It's still to easy for
a user to do this.....
There's a reason we have trusted users in unix( which is why I
modeled my solution after this behaviour ). The goal/hope is that
the trusted user can either a) not do a bad thing or b) quickly fix
a mistake or c) recognize they made a mistake and know enough to
stop and scream for help. I get none of these when I allow
anyone to do anything they want to the repository.
I can never implement a solution that stops accidents from happening.
I can reduce them by giving the power only to users who actually
understand what they are doing.
donald
>
> These two goals are independent. You could have either, both, or neither.
> >
> > Having the ability to restrict cvs commands to certain users is
> > maintainable and provides a much better security blanket.
>
> and it solves a different problem than I'm trying to solve.
>
> -- steve
>
>
>
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35
> a year! http://personal.mail.yahoo.com/
>
> _______________________________________________
> Bug-cvs mailing list
> Bug-cvs@gnu.org
> http://mail.gnu.org/mailman/listinfo/bug-cvs
- Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/01
- Re: Preventing mistakenly deleting branch tags, Donald Sharp, 2001/06/01
- Re: Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Donald Sharp, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Donald Sharp, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/04
- Re: Preventing mistakenly deleting branch tags,
Donald Sharp <=
- Re: Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Larry Jones, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Donald Sharp, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Larry Jones, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Stephen Cameron, 2001/06/04
- Re: Preventing mistakenly deleting branch tags, Derek R. Price, 2001/06/04