[Fedora] Re: Semi OT: Subversion
John Summerfield
debian at herakles.homelinux.org
Wed Nov 7 23:37:02 UTC 2007
Les Mikesell wrote:
>
>> Nobody should have the ability to update code owned by the next stage.
>
> That's not possible with most version control systems. Everyone has
It's essential. You don't want everyone to be able to mess with
production code. Nobody can certify code they don't control. If I can
apply a little vim or emacs to your repo, you're sunk. Just let the
auditors ask, "Who can change this source code?" and "We will try."
Essentially, we cloned the libraries of source code, and each stage (to
the best of my recollection) built their own executables.
If every source file's digitally signed, that's probably good enough,
but old fogies (say, my generation) would probably say not.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
More information about the users
mailing list