[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Preventing users from Tagging files

From: address@hidden
Subject: Re: Preventing users from Tagging files
Date: Tue, 25 Nov 2003 17:41:47 -0800 (PST)

On Tue, 25 Nov 2003, Kaz Kylheku wrote:

> On Tue, 25 Nov 2003, Mike wrote:
> > I am aware that I can use the unix file system permissions to prevent
> > developers from checking in files into CVS. But is there a way to prevent
> In addition, you can use the commitinfo scripting mechanism to stop commits
> for just about any criteria: bad code formatting, missing bug number
> in the log message, etc.
> > people from TAGGING files [or retagging] while still letting them checkin
> > those same files? Or am I just asking a stupid question?
> You can implement your custom restrictions in a script specified in 
> the taginfo administrative file.  The taginfo script could check the
> user identity and reject the operation if that identity is blacklisted.
> (But really, if you can't trust some developers to tag properly, how
> can you trust them to commit anything?  Learning a tagging system and
> sticking to it is far less complex than all the things you have to do
> to become a competent software developer. :)

Tagging is not really the issue, it is deleting tags that is.  And once you
have deleted a tag, it is gone.  I have always thought this was a weakness
of CVS.  History of all commits are retained, even deleting a file from the
repository really does not delete the ,v file, the file is just moved into
the attic.  But when you delete a tag, there is no history you can revert
from, besides your last repository backup.  Even competent developers
can accidentally delete something they did not mean to.  Everyone
can be confused from time to time.  This is a strong argument for having
good and frequent backups of the CVS repository, in lieu of some
other home grown tag backup mechanism.

At work, we prevent everyone from deleting tags, except one user, 
cvsadmin.  This way, if there is a tag delete snafu, we know who did
it. There is our implementation; YMMV.  You could easily make this 
a more generic implementation, and lookup the username from a file of
authorized users.

taginfo entry:
#  Everyone can add
if [ "$3" = "add" ]; then
    exit 0

#  cvsadmin can do everything
if [ "$user" = "cvsadmin" ]; then
    exit 0

#  Nothing else is allowed.
echo $@ >> $4/tag.log
exit 2

Adam Bernstein   address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]