[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How 2 Secure the repository?

From: Greg A. address@hidden (Greg A. Woods; Planix, Inc.)
Subject: RE: How 2 Secure the repository?
Date: Mon, 11 Mar 2002 18:06:48 -0500 (EST)

[ On Monday, March 11, 2002 at 13:43:05 (-0800), Dustin Cavanaugh wrote: ]
> Subject: RE: How 2 Secure the repository?
> 2) The best repository advice I've gotten involves keeping the users away 
> from direct access to the repository ... no machine logins. There are 
> problems with this, but it seems the least odious.

There are potentialy less odious means of preventing users from direct
manipulation of the repository, but they are probably more arduous and
perhaps less proactive.

One is to just weild a big stick lightly.  Adding automated auditing of
the repository integrity is a way to make this kind of enforcement more
proactive again (you might do this by keeping a mirror repository that's
maintained on a separate machine with no user account and which is
updated with shadow commits and tags and then is periodically compared
with the master copy, and if discrepancies are found then audit all
access to the master server during the time the unauthorised changes
were made).

                                                                Greg A. Woods

+1 416 218-0098;  <address@hidden>;  <address@hidden>;  <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]