Joshua.White@hartfordlife.com wrote on 09/07/2005 12:36:14 PM:
> I am trying to put together a case to use subversion instead of PVCS at my
> company  (If you could point me to any resources on this, I would appreciate
> it!)  I have been receiving a lot of push back about subversion having
> security vulnerabilities.  See the following:
>
> http://secunia.com/ (http://secunia.com/search/?search=SVN)
> or
> http://www.cve.mitre.org/ (http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=SVN)
>
> As you can expect, managers want our SCM to be SOX compliant.  PVCS claims to
> be SOX compliant.  Is subversion SOX compliant?

Our company provides an SCM solution in the OS/400 space.  We used to sell
PVCS to our customers, now we have our own solution built around
Subversion.

1)  Security

Keep in mind that proprietary apps like PVCS are not going to have their
vulnerabilities published; that does not mean they are more secure.
Indeed, for anyone to use PVCS they used to have to have full access to
the archives, which means they could be deleted or otherwise modified
without PVCS knowing about it.  Newer versions now have a server option
that resolves this issue if you choose to use it.  I think that is just to
give some perspective.

2)  SOX

We do a lot with SOX.  A product cannot be SOX compliant or make you SOX
compliant simply by owning it.  Only YOU and your PROCESSES can be SOX
compliant.  Subversion can certainly be used to establish a SOX compliant
process.  That being said, PVCS certainly has support for finer-grained
ACLs than Subversion does out of the box.  There are excellent hook
scripts available for Subversion that can get you everything you should
need and more.

Mark
Received on Wed Sep  7 19:08:15 2005