[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Re: Exporting/Importing to Multiple Repositories

From: Andy Levy <andy.levy_at_gmail.com>
Date: Tue, 20 May 2008 21:41:20 -0400

On Tue, May 20, 2008 at 8:46 PM, Woodward, Gordon (RBC Dexia IS)
<gordon.woodward_at_rbcdexia-is.com> wrote:
>> I guess not, because repositories by definition don't share any relation, so the two will be completely separated from each other. Just wondering, but > why do you even want separate repositories?
>
> It's more of a security issue raised by management. The reasoning behind the second repository is to more control what gets released to UAT or Production and prevent developers trying to slip in last minute code changes that haven't gone through proper change/testing procedures. Only source code checked into the second repository will be compiled and released to our UAT/Production systems.

You can configure SVN to disallow developer access to the tags used to
build releases. And everything's logged anyway, so if you get
suspicious, you can trace everything back.

I raised a similar question with our Sarbanes-Oxley auditors about 2
years ago, and their response was that in a shop our size (very
small), they were satisfied with a "detect" control for code changes
instead of a "prevent" which slowed down the development/promotion
process while we did extra paperwork and temporary security tweaks to
get changes made.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-05-21 03:41:45 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.