From: [EMAIL PROTECTED] Date: Thu, 5 Sep 2002 13:03:59 -0500 (CDT) [...] > Set up a Unix group which has write access to the repository. > Ensure that everything in the repository is read-only to everyone > else, and ensure that the directories all have the setuid bit > so that newly created directories inherit these permissions. > There's a step missing here: if you just do this the turkeys will be unable to check out and update software.
Right. As I was trying to describe previously, the issue is around a small area of the tree. In fact, it's the common makefile infrastructure which drives the building of the whole tree; get that wrong and you can bring everything to a screeching halt for everybody, rather than just porking one particular subdir. You need to put a line like LockDir=/usr/local/cvslocks (change the directory as you will, but don't put any spaces in) in CVSROOT/config, and of course have a /usr/local/cvslocks or whatever directory that all the turkeys can write to. Assuming a reasonably up-to-date version of CVS, this will allow the turkeys read-only access to the repository. Huh. I suppose one could also play games with putting certain (sets of) users in or out of certain groups, thus allowing some selectivity. [...] I suspect this is not going to fly, given the political problems against getting decent hackers. I still have qualms about this, most particularly being that I don't see that having competent people looking over incompetent code is a tremendous improvement. Perhaps instituting different processes, such as early semi-formal reviews, would be more useful, but I know nothing of the politics at your site. Yah. The details aren't worth going in to, their effect it to render the review processes (which we do have, and try to use) less effective than they should be. I grant that applying a technical solution to a political problem is generally not the right thing, but in this case I have some control over the former, and very little over the latter. Thanks for the ideas. _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs