RE: Per-modules readers/writers ?

[Shankar Unni]

I think this discussion has hit a wall, but I'll answer these points
anyway. But I'm no longer pushing for such a feature to be included,
because of the obvious reluctance of so many, so we can let this
discussion drift away..

Greg Woods wrote:

> If you're happy without real security then why don't you just
> move your repository over to M$-NT and run CVSNT?

Cost? Utility? Stability?  (And besides, is it your contention that
Linux filesystem security is "real" security? All I have to do is break
into the machine as root using one of the many unpatched
vulnerabilities, and the whole repository is mine..)

NT Server costs $$$. Besides, I don't like NT Server very much anyway as
a server - a Linux server is far more versatile and solid. In fact, we
did start off using CVSNT on an NT box, and after several dozen blue
screens and one repository corruption, I gave up on the stupid thing.

On the other hand, I can't very well go up to, say, the CIO and tell
them that I want the whole company to ditch Microsoft and implement a
whole new Grand Unified Authentication and Authorization mechanism
across the company.  I could, if I wanted to make it my personal
full-time evangelism and crusade, but I have to live within real-life
constraints.

Look, I understand where you come from regarding security, and grafting
on security mechanisms on top of each other.  On the other hand, what
most of us are looking for here are not absolute, drop-dead, guaranteed
security, but a mere semblance of an approximation of authorization
walls.  

In most of our environments, we don't have gangs of hostile hackers
wandering around looking for things to break into. These are more like
little doorlocks that exist merely as an indication to law-abiding
employees that the contents are not for them. Certainly there is no
intention to make the protection criminal-proof, because that would be
enormously difficult.

I'm not making my repository public to Joe Random from Little Rock, AK,
and I'm not trying to make my repository more secure than my company's
overall IT infrastructure. I understand that implementing such a feature
may lead someone else to think that that would make CVS secure enough to
put it on a public internet with national secrets protected only by this
mechanism, but that could be addressed by a warning or something..

For example, pserver isn't really (or even remotely) secure either, and
it's there for good or bad, because there's such an *overwhelming*
demand and need for it. I know you'd like to rip it out and throw it
away, but you'll never hear the end of the screaming if you did so.

Still, I hear the reluctance from the faithful, so I'll no longer push
for this feature, anyway.. I'll still look to try to back-port
non-security-related features where it would be easy and useful..

--
Shankar.