[Monotone-devel] Re: Re: Re: Re: How will policy branches work?

[Boris]

On Wed, 06 Feb 2008 18:33:29 +0200, Jack Lloyd <address@hidden> wrote:

> On Wed, Feb 06, 2008 at 10:52:20AM -0500, Zack Weinberg wrote:
>
> > What is the rationale for this requirement?  My knee-jerk reaction is
> > that this is ultimately impossible to enforce (untrusted dev A can go
> > over to trusted dev B and ask to be shown),
>
> I think the key here is the use of trusted: dev B is trusted to
> maintain a set of access controls. Just because he might fail to
> uphold that trust does not mean the access control is meaningless (you
> could equivalently argue that putting a password on a web application
> is meaningless, because someone could always find an exploitable hole
> in the httpd and access all the data that way).

Yes, exactly. Banks wouldn't need to lock their safes then either as there  
is always a way to enter. Noone is looking for a 100% secure solution -  
that doesn't exist anyway.

Currently there is however no control at all to make sure that when  
developers sync their databases directly that they don't send each other  
files the other one shouldn't get. I can setup and configure a central  
server but that doesn't help if I want to benefit from a distributed VCS  
(in general I want developers to sync directly if they want to). I would  
need to tell each and every developer how to configure their monotone  
databases - and each and every developer would need to configure the  
database manually. If I could save the permission settings in the database  
so developers wouldn't need to do anything anymore by default that would  
be great. While they will still be able to forward files to others in  
another way (not using monotone) it would be also nice if not everyone  
could change the permission settings stored in the database (the changes  
would spread through the whole system and everyone including me would use  
them, maybe without noticing).

Boris

> [...]