info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Per-modules readers/writers ?

From: Shankar Unni
Subject: RE: Per-modules readers/writers ?
Date: Mon, 28 Oct 2002 13:44:50 -0800 
Greg Woods writes:

> It's all part of the same thing.  In computer 
> security you can't have any accountability without 
> authorisation, and to do authorisation you have to 
> have "strong" authentication [...]

Again, I agree with you on the principle. It makes perfect sense.

On the other hand, from a purely practical point of view, many
repository are trying to put in *some* level of control without having
to set up a full C2-style access control mechanism. Sure, it's not
perfect, but it's adequate in most situations (this is a judgement call,
and involves a resources vs security tradeoff).  

I'm sure you've seen typical corporate IT setups - everything is broken
up into departments, and the network administrators don't necessarily
cooperate with the domain administrators, who don't in turn work too
closely with the repository administrators. 

This makes it hard for the repository administrator to put in a level of
access control without having to spend days or months running after the
other departments, and genuflecting in front of the change review
boards.

Other competitive source-code control systems have such informal
mechanisms in place that are trivial to administer, _for the person who
is responsible for maintaining the repository_, and it's generally in
response to overwhelming customer demand.

--
Shankar.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]