Re: [Fedora] Re: Semi OT: Subversion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Summerfield wrote:


Nobody should have the ability to update code owned by the next stage.

That's not possible with most version control systems. Everyone has

It's essential. You don't want everyone to be able to mess with production code.

I meant that no one ever changes anything that has ever been committed. Everyone makes changes in their own workspace and a commit becomes a new revision. Anyone can check out any revision that has ever been committed. So, each stage checks out their own appropriate revision or tagged copy based on the workflow regardless of what else is happening in the repository. It doesn't matter that someone can check in garbage, what matters is that the garbage revision not the one that QA tests/approves/tags to go to production.

Nobody can certify code they don't control. If I can apply a little vim or emacs to your repo, you're sunk. Just let the auditors ask, "Who can change this source code?" and "We will try."

You've got unix filesystem permissions and SELinux at your disposal to control direct repository access. And the repository doesn't have to be on the same machine as any of the users.

Essentially, we cloned the libraries of source code, and each stage (to the best of my recollection) built their own executables.

If every source file's digitally signed, that's probably good enough, but old fogies (say, my generation) would probably say not.

If you don't trust your file access control, these don't matter much.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux