Greg Hudson <ghudson@MIT.EDU> writes:
> (Maybe I'm being bad talking about these pre-M2. But I'll forget if I
> don't bring them up now.)
> Ben committed:
> > We need a security architecture that:
> > * will take advantage of Apache
> I assume you mean take advantage of Apache from an authentication
> perspective. I'm not convinced we should be taking advantage of it
> for authorization ("how ACLs should work"), both because it's not a
> good match and because we probably want our authorization model to be
> independent of how the repository is accessed.
> > * fits well with the Sourcecast 2.0 framework
> This makes me nervous from a "who is driving the design" perspective.
We need an authorization system that is general enough that anyone can
use it. Maybe this means ACLs in the filesystem, maybe not. But yes,
Collabnet wants to be able to authorize fs actions against a SQL
database -- it's no big secret, and Collabnet will probably develop
the plugin as a side-project. No big deal.
But if you're worried about conflict-of-interest issues, don't be.
Collabnet is pretty smart about open source development methodology. :)
(IOW, Collabnet knows not to annoy the svn community, lest it go off
and fork a new project!)
> Also, is anyone thinking about versioning of symlinks?
I think this is post-1.0, not sure.
Received on Sat Oct 21 14:36:26 2006