
Re: Encrypting selected files ...

From: Pat Farrell <pfarrell_at_pfarrell.com>
Date: Fri, 02 Oct 2009 13:27:12 -0400

Les Mikesell wrote:
> But if you care about version control, you must include the parts of
> code/configuration involved in your repository.

No, you put development versions of the configuration in the developer's
SVN. Not operations. And you have ways to override stuff.

> They often need to be included in a file of code or configuration
> that is someone else's design. Bad design or not

It's a very bad design. Again, if you care about security, you have no

>> Most theft and fraud are inside jobs. You can not allow simple access to
>> the source code to allow access to production.
> Nor is it a good idea to put things into production that aren't under
> version control.

I did not say use nothing on the production side.

What I said was that developers have zero access to the production
configuration. They have access to the development and/or testing

Ops can have their own SVN, but no access from the development engineers

>> This does not prevent the operations folks from having their own SVN
>> inside their security perimeter. But it's simply wrong to put production
>> passwords in the general engineering SVN.
> So how do you roll out code/configurations to a bunch of machines with
> the ability to roll back without storing it somewhere that the people
> who develop/test it can access?

You seem to be thinking that development engineers are allowed to touch
production. That is not how secure or even well run sites are operated.

Pat Farrell
Received on 2009-10-02 19:28:04 CEST

This is an archived mail posted to the Subversion Users mailing list.