Re: Subversion and security (was Re: introducing myself...)

From: Brad Appleton <brad_at_bradapp.net>
Date: 2003-06-23 05:44:32 CEST

On Thu, Jun 19, 2003 at 06:16:16PM -0400, Bob Aiello wrote:
> The important goal is to spec what we all believe that subversion
> should do. So here is what I am proposing...
[...]
> I'd rather not spam this list in a debate on CVS or ClearCase security.
> I would like to know if there is interest in making subversion a world
> class CM tool that pushes the envelope on security as well as other features.

Hi Bob! I'm also very experienced with ClearCase. I wonder if we can look at the list of requests/bugs still to implement against Subversion and the relative priority of them, and where security falls into the mix. My impression is that as important as security is, there are still many other more fundamental features Subversion needs before version 1.0 to make it "a compelling replacement for CVS" and I don't see security among them.

I'm all for discussing the encapsulation and interfaces needed in the short-term to be able to "plug in" the necessary security mechanisms later with minimal impact. I think that before Subversion tries to tackle security as you suggest it needs to tackle more of the things that the existing CVS userbase would require before switching from CVS to SVN, and I think security is not near the top of that list. Most of the folks using CVS today don't have (or at least don't think they have :-) the extra security features you describe, and I see SVN needing to meet those other needs first before tackling security.

Again, I'm not saying to discuss possibilities. I do think that trying to pressure or influence security functionality to be implemented in the near term would not be best aligned with the vision and goals for SVN. Now, if some kind benefactor happens to be able to provide sufficient funding/resources to devote to security features, that situation could perhaps change :-)

BTW - have you looked at what CollabNet SourceCast does for CVS+Bugzilla? There is also an implementation of it that works with ClearCase and ClearQuest. And I hear another is in the works that uses Subversion and Scarab. Is not SourceCast designed to address some of the secure viewing/accessing issues you raised?

-- 
Brad Appleton <brad@bradapp.net> www.bradapp.net
  Software CM Patterns (www.scmpatterns.com)
   Effective Teamwork, Practical Integration
"And miles to go before I sleep." -- Robert Frost
Received on Mon Jun 23 05:45:25 2003

This is an archived mail posted to the Subversion Dev mailing list.