[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Central version control for Debian

On Wed, Jan 31, 2001 at 10:55:31PM +0200, Moshe Zadka wrote:

> On Mon, 29 Jan 2001 16:54:16 -0500, Matt Zimmerman <mdz@debian.org> wrote:
> > etc., etc.  The biggest barrier to making this work seems to be deciding who
> > should be able to commit changes where.  CVS may not currently be flexible
> > enough for our needs; it would be nice, for example, if certain users (the
> > security team) were able to create a branch for a package, but not trample 
> > over the maintainer's current stuff.
> I may be reading you wrong here, but I'm not sure you need enough flexibility
> in CVS if you trust the developers: put it up with wide open permissions
> to the developers, and have a clear policy which it is up for the people
> to enforce on themselves. That's the way the Python development is organized,
> and it seems to be going great.

Debian has many more developers (probably) working on a much larger code base
(definitely).  For a developer to sign a source package with her key, she must
have first-hand knowledge of all changes to the source.  Imagine a malicious
user making direct changes to the CVS repository; this change would be almost
impossible to detect.

 - mdz

Reply to: