[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
change control via CVS tags
|
From: |
Jeremy Mates |
|
Subject: |
change control via CVS tags |
|
Date: |
Thu, 13 Oct 2005 10:57:32 -0700 |
|
User-agent: |
Mutt/1.4.2i |
* Martin, Jason H <jason.h.martin@cingular.com>
> Along the same lines, has anyone implemented a system such that there
> is no one person capable of pushing out changes? I'm talking about a
> system analogous to the nuclear missile keys that require 2 people to
> agree to launch.
One approach would be to store all the configuration under CVS, then use
a taginfo script to restrict who can apply tags to a file[1]. This way,
anyone with CVS rights could commit files, but only certain people would
have tag rights. CFEngine would then pull from CVS only files with a
certain tag set[2].
Some extra logic in the taginfo script might ensure the same person
could not both commit and tag the file, though I have not looked at how
hard this would be. Linking all this to an approval ticket system for
SOX compliance would be even more fun...
[1] CVSPermissions is close, but uses the directory permissions for tag
rights as well: http://sarovar.org/projects/cvspermissions
[2] stage-from-cvs is one method: http://sial.org/howto/cvs-tips/#s4
- RE: Tiered admins with cfengine / dual control, Martin, Jason H, 2005/10/13
- Re: Tiered admins with cfengine / dual control, Adams, Russell L., 2005/10/13
- RE: Tiered admins with cfengine / dual control, Martin, Jason H, 2005/10/13
- Re: Tiered admins with cfengine / dual control, Adams, Russell L., 2005/10/13
- RE: Tiered admins with cfengine / dual control, Martin, Jason H, 2005/10/13