info-cvs

Re: preliminary ACL support in cvs-nserver


From: Tobias Brox
Subject: Re: preliminary ACL support in cvs-nserver
Date: Sun, 30 Sep 2001 23:48:54 +0400
User-agent: Mutt/1.0.1i

[Greg A. Woods - Sun at 01:51:17PM -0400]
> Running CVS setgid or setuid is impossible to do safely -- you cannot
> enforce accountability with CVS as it stands today.

No need to discuss this any more; we do agree about that - and personally I
don't care a bit whether it's trivial to fix or whether it's needed to
program the whole thing from scratch.  I do find the latter hard to believe,
but I don't have enough insight to argue against it.

> Of course anyone contemplating such a project should also try to study
> the reasons for using version tracking tools and how they fit into a
> larger SCM process.  ACLs on branches and files may just not make sense
> (which is what I've been trying to hint all along!).

I can't argue that it's important with ACLs.  I think it's very much at the
edge of what can be said to be within the scope of CVS.  I can't come up
with any examples where it's strictly needed, and where there are no easy
workarounds.  Still, I wouldn't dismiss it completely - if anybody does have
a real need for ACLs, they should know far better than me that it can be
important.  If Alexey thinks he can do it, I'd encourage him to go on.  

The only thing I think is very important is that he gets a bit more than "I
do have test cases, and it works very well" on the "Quality Assurance" part,
and that he clearly states early in the documentation whether the system can
be used merely to avoid accidents, or if it's a secure implementation of
ACLs.


-- 
Unemployed hacker
Will program for food!
http://ccs.custompublish.com/


