RE: CVS Internal Authorization Patch

[Chuck . Irvine]

Perhaps the problem is that the security functionality provided by the
OS isn't easily mapped to CVS administration functions, especially for
those who are more OS "users" versus those who have experience with OS
"administration". 

For example, here are a few of the admin things we would like to do
here:

- Lock/close out a branch from further access.
- Limit the ability to branch and merge to specified individuals.
- Limit access to certain portions of the admin command to 
  specified individuals.
- Limit the ability to import to certain individuals.

All of these seem to sparsely documented, if at all.

-----Original Message-----
From: derek.price [mailto:address@hidden
Sent: Tuesday, November 07, 2000 1:27 PM
To: Chuck.Irvine
Cc: info-cvs
Subject: Re: CVS Internal Authorization Patch


address@hidden wrote:

> I would be useful to know why you think this is a bad idea. Otherwise
> your comment is of limited value.

The general design philosophy behind CVS tends more towards leaving
things
like ACLs to the OS.  More people are putting more time into security
there
and nobody seems to want to pretend that CVS is secure.  Even if we had
a
large enough team with some good people willing to concentrate on
security,
why reimplement something that's already handled, and handled well?

If the standard UNIX ACL level isn't fine grained enough for you you
could
always look into something like AFS.

Derek

--
Derek Price                      CVS Solutions Architect (
http://CVSHome.org )
mailto:address@hidden     OpenAvenue ( http://OpenAvenue.com )
--
Coffee is not for kids.
Coffee is not for kids.
Coffee is not for kids...

          - Bart Simpson on chalkboard, _The Simpsons_




_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs