On Tue, May 20, 2008 at 8:46 PM, Woodward, Gordon (RBC Dexia IS)
<gordon.woodward_at_rbcdexia-is.com> wrote:
>> I guess not, because repositories by definition don't share any relation, so the two will be completely separated from each other. Just wondering, but why do you even want separate repositories?
>
> It's more of a security issue raised by management. The reasoning behind the second repository is to better control what gets released to UAT or Production and prevent developers trying to slip in last minute code changes that haven't gone through proper change/testing procedures. Only source code checked into the second repository will be compiled and released to our UAT/Production systems.

You can configure SVN to disallow developer access to the tags used to
build releases. And everything's logged anyway, so if you get
suspicious, you can trace everything back.

I raised a similar question with our Sarbanes-Oxley auditors about 2
years ago, and their response was that in a shop our size (very
small), they were satisfied with a "detect" control for code changes
instead of a "prevent" which slowed down the development/promotion
process while we did extra paperwork and temporary security tweaks to
get changes made.
Received on 2008-05-21 03:41:45 CEST
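
The "detect" control described in the message above, sketched as an added example (not part of the original post or of Subversion itself): a script that reads `svn log --verbose --xml` output and flags any change under the tags tree that is not a release manager creating a tag by copy. The `/tags/` layout, the account names and the sample log are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `svn log --verbose --xml` output (not from a real repository).
SAMPLE_LOG = """<?xml version="1.0"?>
<log>
<logentry revision="101">
<author>dev1</author><date>2008-05-19T09:12:00.000000Z</date>
<paths><path action="M">/trunk/src/app.c</path></paths>
<msg>Fix rounding</msg>
</logentry>
<logentry revision="102">
<author>relmgr</author><date>2008-05-19T15:00:00.000000Z</date>
<paths><path action="A" copyfrom-path="/trunk" copyfrom-rev="101">/tags/uat-1.4</path></paths>
<msg>Tag UAT build</msg>
</logentry>
<logentry revision="103">
<author>dev1</author><date>2008-05-20T22:41:00.000000Z</date>
<paths><path action="M">/tags/uat-1.4/src/app.c</path></paths>
<msg>tiny tweak</msg>
</logentry>
</log>
"""

RELEASE_MANAGERS = {"relmgr"}   # assumed account names
TAG_ROOT = "/tags/"             # assumed repository layout


def suspicious_tag_changes(log_xml, release_managers=RELEASE_MANAGERS, tag_root=TAG_ROOT):
    """Return (revision, author, action, path, reason) for every change under
    tag_root that is not a release manager creating a tag by copy."""
    findings = []
    for entry in ET.fromstring(log_xml).iter("logentry"):
        rev = int(entry.get("revision"))
        author = entry.findtext("author", default="(no author)")
        for p in entry.iter("path"):
            path, action = p.text or "", p.get("action")
            if not (path + "/").startswith(tag_root):
                continue  # change is outside the release tags
            is_new_tag = action == "A" and p.get("copyfrom-path") is not None
            if author not in release_managers:
                findings.append((rev, author, action, path, "author not a release manager"))
            elif not is_new_tag:
                findings.append((rev, author, action, path, "existing tag modified"))
    return findings


if __name__ == "__main__":
    for f in suspicious_tag_changes(SAMPLE_LOG):
        print("r%d %s %s %s: %s" % f)
```

Run against the live repository's log, the same function can feed a periodic report, so a tag edited after it was cut shows up with its revision and author.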