Re: symbolically linked module root

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin Layer <address@hidden> writes:

> I want to give a contractor access to one module in my repository.
> Let's say I have this situation:
> 
> cvsroot/
>   CVSROOT
>   moda
>   modb
>   modc
>   ...
> 
> Because I have a large number of checkouts of `modc', I can't just
> move it to a new repository.  I'm thinking of creating a new
> repository directory like this:
> 
> cvsroot2/
>   CVSROOT -> ../cvsroot/CVSROOT
>   modc -> ../cvsroot/modc
> 
> and having them use cvsroot2 as their repository.
> 
> Is this safe?

Not really... cvs does not really understand symbolic links and is
potentially going to give you problems with locking the directories
in that manner. It might work as you have outlined if you are NOT
using the LockDir directive in CVSROOT/admin, but it is not clear
to me how you could stop the contractor from getting access to cvsroot/
in the first place.

> Is there a better way to do what I want to do?

a) Hire trustworthy contractors and give them full access to your
   sources.

b) Use UNIX permissions such that he is in a group that may only
   read/write the modc tree.

c) Have someone else checkout sources for the contractor and then
   have the contractor submit patches to a designated set of users
   to have them commit the changes into the tree.

d) Move the modc module to a separate repository and let your own
   people share the pain of needing to use multiple repositories
   to do their own work.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/oT+m3x41pRYZE/gRAu1yAKDmZ8+HAumy9Cb6uaQ2M36cbvSz/QCeNYjo
iwt1DjFexHDbn9NVmWCzN+Y=
=kgmF
-----END PGP SIGNATURE-----