
Re: Splitting the security-tracker repo [was Re: [PATCH 00/12] Plannings for secure-testing repository migration to git]



Hi Salvatore,
On Thu, Dec 28, 2017 at 10:08:42PM +0100, Salvatore Bonaccorso wrote:
[..snip..]
> Thank you. There is one further change needed I think, and one
> question/concern.
> 
> The Makefile must also not be in security-tracker.git, but
> linked from there. But now it is still not safe to have
> security-tracker-bin git as a submodule, because one can just replace
> the symlinks we created.

Maybe I don't understand yet what you want to achieve:

I thought you wanted to be able to make changes to the scripts and the
data files independently so that changes to the scripts wouldn't go live
on soriano after a commit accidentally. So we get to decide when a new
tracker version goes live independent of any changes to data/.
That's possible with the split. It doesn't protect you from somebody
maliciously trying to modify tracker code via the secure-testing
repository. For this we'd have to decouple the repos completely with
security-tracker-bin not even being a submodule (since otherwise
somebody with commit access to the security-tracker can always forward
the submodule ref).

> So in the long run we would be better off to decouple the data part and
> code part definitively, but I wonder if for now the safest road would
> be to go back one step, do the svn to git migration in one repository
> and for the automatic update triggers, operate in a separate
> workdir.

That's certainly possible (although a bit confusing to have two separate
checkouts at different revisions).

Cheers
 -- Guido
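The concern above is that anyone with commit access to security-tracker.git can forward the submodule pointer. As an added example (not the tracker's own hook or code), this is a server-side `update` hook for a hypothetical bare security-tracker.git that rejects any push touching a gitlink (mode 160000) entry, so a moved security-tracker-bin pointer is blocked at the server rather than going live; the hook name and repository layout are assumptions.

```shell
#!/bin/sh
# Hypothetical `update` hook for a bare security-tracker.git (constructed
# example): refuse pushes that add, remove or move a gitlink entry, i.e. the
# security-tracker-bin submodule pointer, so the data repository cannot
# choose which tracker code goes live.

tab=$(printf '\t')

# Read raw `git diff-tree -r` lines on stdin. Print the path of every entry
# whose source or destination mode is a gitlink; return 0 if any was found.
gitlink_changed() {
    found=1
    while IFS= read -r line; do
        case "$line" in
            :*) ;;          # raw lines: ":srcmode dstmode src dst S<TAB>path"
            *) continue ;;
        esac
        meta=${line%%"$tab"*}
        path=${line#*"$tab"}
        set -- $meta        # $1=:srcmode $2=dstmode (word-split on purpose)
        case "$1 $2" in
            *160000*) printf '%s\n' "$path"; found=0 ;;
        esac
    done
    return $found
}

# Hook entry point: update <refname> <oldrev> <newrev>. A newly created
# branch arrives with an all-zero oldrev; compare it against the empty tree.
check_update() {
    old=$2 new=$3
    zero=0000000000000000000000000000000000000000
    if [ "$old" = "$zero" ]; then old=$(git hash-object -t tree /dev/null); fi
    if changed=$(git diff-tree -r --raw "$old" "$new" | gitlink_changed); then
        printf 'rejected %s: submodule pointer changed in: %s\n' "$1" "$changed" >&2
        return 1
    fi
}

# Only act as a hook when git invokes the script with its three arguments.
if [ $# -eq 3 ]; then check_update "$@"; fi
```

Install it as hooks/update in the bare repository; it exits non-zero, and git refuses the ref update, whenever the gitlink entry differs between the old and new tree.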

