[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS access control
From: |
Eric Siegerman |
Subject: |
Re: CVS access control |
Date: |
Wed, 26 Sep 2001 16:22:00 -0400 |
User-agent: |
Mutt/1.2.5i |
On Wed, Sep 26, 2001 at 10:45:50AM -0400, address@hidden wrote:
> >When you're at it, you should also allow for different ruling on different
> >branches, not only directories.
>
> I'm kind of against this, too, since branch-level permissions don't afford
> security at all since the archive file is still writable. All these ACLs
> will afford is a false sense of security.
"[no] security at all" is kind of an overstatement. The security
provided by a CVS-level permissions scheme would be weak, but not
nonexistent. It wouldn't prevent a malicious user from
committing to the wrong branch, but it would prevent people from
doing so by accident/carelessness. This concurs perfectly with
CVS's existing security model. For example, the up-to-date check
guards against my stomping your changes by accident, but doesn't
prevent me from stomping them with a bit of work ("cvs up -f1.5
-j1.4 foo.c" or "cvs up foo.c; mv foo.bak foo.c").
For many purposes, weak protection might be good enough to
protect against unwanted actions by your authorized users, in
conjunction with strong security to keep out unauthorized people.
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. address@hidden
| | /
The world has been attacked. The world must respond ... [but] we must
be guided by a commitment to do what works in the long run, not by what
makes us feel better in the short run.
- Jean Chrétien, Prime Minister of Canada
- CVS access control, Matthew Versluys, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/26
- Re: CVS access control, yap_noel, 2001/09/27
- RE: CVS access control, Andrew McGhee, 2001/09/27