Re: [RFC Draft] ACL in CVS proposal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I'd also like to introduce some comments/thoughts :-). Please see them
below.

08/17/2001 09:50:02 AM cvs-nserver-devel-admin wrote:
>* 99.99% of file permissions/ownership are the same in a directory.  My
>  patch does not have per-file permissions, and none of the users have
>  ever asked for it, and in our group we have never needed it.
I think it would be useful to separate different kinds of developers from
each other :-). Suppose you have 'core' programmers and front-end
designers. Programmers write javascripts that perform some essential
functionality on client  browser, designers write scripts to animate and
slow down interface as they love to do. Those scripts resides in a same
directory (or same directory hierarchy). Probably it would be useful to
separate 'scripts for programmers' and 'scripts for designers'. Another
example is the cvs-nserver sources itself where some files are shared
between client and server. Maybe Alex wishes to disallow some inaccurate
client writers from changing anything beyond their responsibility area :-)

>* 99% of permissions in a directory can be directly inherited from the
>  parent directory.
>
>* Development groups have a strong need for multiple users with
>  independent access controls.
>
>* Having groups of users that can be assigned permissions together (so
>  you only have to maintain per-directory permissions for the group,
>  not the individual users) is very helpful.
>
>* Per-branch tag permissions are useful, not only globally in the
>  repository, but also per-directory.  Designers use branch tags for
>  sandboxes and to let outsiders do work without affecting the main
>  branch, as well as having them for releases.
>
>* The concept of an owner is useful, because someone needs to maintain
>  the permissions, create branches for sandboxes, and someone needs to
>  have ultimate responsibility that is easily identifiable.  In a
>  large group, the administrators don't have the time nor the
>  knowledge to maintain permissions.
Should it be 'module administrators'? Or maybe it would be useful to add
another type of action on ACL: 'allow to modify ACL [for a particular
file/module/branch/etc]?'

>* You need the concept of a CVS administrator.
Should it be the only person or each module/branch etc can have its own
administrator?

Everything else looks quite reasonable for me.