httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: CVS and generalising connections
Date Sun, 17 Dec 1995 15:30:16 GMT
> In reply to Ben Laurie who said
> > 
> > Very quiet today, is there a problem? I know I've got a severe hangover, but
> > surely not all of you had their office Christmas do last night?
> > 
> > Anyway, to the point. There seems to be a movement in favour of trying CVS out
> > for future development. It is also opined that the delays to
> > will be tolerable in a remote CVS setup. I therefore call for a vote on the
> > following:
> > 
> > CVS will be installed and set up on, and used for all further
> > development of Apache 1.1 onwards.
> > 
> > Deadline: Tuesday 19th Dec, 09:00 GMT.
> > 
> > I vote +1.
> > 
> +1 from me.
> > Note that this doesn't imply that we are committed to CVS, its use can be
> > removed by a further vote.
> Not at some point X in the future though. i.e. not 6 months down
> the line.  I suggest we have a trial period ending 1 March 96. At
> which point we can have one last flurry of voting before we lay
> that silly practive to rest :-)

I still think the patch and vote scheme makes sense for final release versions
(even if CVS is still used to manage it).

> > 1. Read only source access: granted to all comers.
> I'd suggest both access to the cvs repository itself (read only) plus a 
> checked out copy of just the sources.
> We'll also need a distribution mechanism since there won't be
> patches to download anymore and people won't want to grab a complete
> set of sources everytime a change is made.
> Sup is one solution if you've got reasonable net access. It checks
> the repository and dowloads any files that are newer than your
> local copy.
> Another solution for less well connected sites is CTM, which is something
> developed by FreeBSD. Basically, it runs every X hours and does a diff of
> the tree against last time it was run and mails out a set of patches. This
> is actually pretty neat. I'll talk to the author and see if I can have a
> copy for Apache, I see no reason why he wouldn't.

Presumably we can also use CVS to generate patches between released versions?

> > 2. Write source access: granted by a vote (under the same rules as patches) by
> > the Apache Group [possible variation: by those members of the Apache Group with
> > write source access]. Revoked by a similar vote (except the member in question
> > may not vote) [possible variation: or by an administrator].
> I'll think some more about these rules. I think in practice any
> person who has cvs write access will be able to lock someone out
> of cvs so it's best to just allow this to happen.

Really? How?

> Also, if someone
> is abusing cvs they'll need to be locked out immediately not a week
> later after a voting process has taken place. I'd suggest that
> anyone with CVS privs can lock out someone else if they believe
> they are causing problems but that it doesn't become a permanent
> lock out until the voting process has taken place. If someone
> maliciously locks people out all the time then their access will
> get revoked. This sounds more involved than it really is, basically,
> using cvs doesn't remove the need to co-operate and behave sensibly.
> > 3. Administrator access: granted by a vote as write source access, but with
> > the proviso that the owner of the CVS host may veto (because of security
> > implications). Revoked by a similar vote, or by the CVS host owner at his
> > discretion. Administrator access of course implies write source access.
> Unless cvs 1.6 has changed there's no such thing as an administrator. Anyone
> who has cvs write access can do whatever they want since the permissions
> necessary for write access give you access to everything. 

Hmmm - but someone with CVS write access doesn't necessarily have a login, so
they can only do whatever CVS allows them to do. This was the distinction in
my mind.

> We should have a cvs admin though who will do the "dirty" jobs, like tagging
> and cleaning up mistakes and everyone else should honour this position and
> *NOT* go in and do admin tasks themselves.




> -- 
>   Paul Richards, Netcraft Ltd.
>   Internet:,
>   Phone: 0370 462071 (Mobile), +44 1225 447500 (work)

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email:
A.L. Digital Ltd,           URL:
London, England.

View raw message