John Summerfield wrote:
Nobody should have the ability to update code owned by the next stage.
That's not possible with most version control systems. Everyone has
It's essential. You don't want everyone to be able to mess with
production code.
I meant that no one ever changes anything that has ever been committed.
Everyone makes changes in their own workspace and a commit becomes a
new revision. Anyone can check out any revision that has ever been
committed. So, each stage checks out their own appropriate revision or
tagged copy based on the workflow regardless of what else is happening
in the repository. It doesn't matter that someone can check in garbage,
what matters is that the garbage revision not the one that QA
tests/approves/tags to go to production.
Nobody can certify code they don't control. If I can
apply a little vim or emacs to your repo, you're sunk. Just let the
auditors ask, "Who can change this source code?" and "We will try."
You've got unix filesystem permissions and SELinux at your disposal to
control direct repository access. And the repository doesn't have to be
on the same machine as any of the users.
Essentially, we cloned the libraries of source code, and each stage (to
the best of my recollection) built their own executables.
If every source file's digitally signed, that's probably good enough,
but old fogies (say, my generation) would probably say not.
If you don't trust your file access control, these don't matter much.
--
Les Mikesell
lesmikesell@xxxxxxxxx