[cap-talk] More Heresy: ACLs not inherently bad
Mark Seaborn
mrs at mythic-beasts.com
Thu Sep 18 14:38:58 CDT 2008

"Jonathan S. Shapiro" <shap at eros-os.com> wrote:
> On Thu, 2008-09-18 at 20:10 +0100, Mark Seaborn wrote:
> > This should be straightforward to do with today's distributed SCMs.
> > You could have a system that pulls changesets from users' individual
> > branches into the main branch and accepts or rejects the changesets
> > based on whether they contain changes that the user is allowed to
> > make.

(I said "distributed SCM" before. "Decentralised" would be a more
accurate term.)

> Yes. But today's SCMs aren't at all easy to implement credibly on pure
> capability systems.

I am not sure what you mean by that. I don't see any reason why SCMs
such as Bazaar, Git or SVN can't be run on a capability system. I
just have to give my SCM tool access to my working directory tree, the
upstream repository (or a suitable facet thereof, associated with a
user name), and, for decentralised SCMs, a local repository.

If you mean that today's decentralised SCMs don't treat files and
directories as mutable objects to be access-controlled, I entirely
agree with you. I think that is a good feature. Treating files and
directories as mutable objects with their own internal history is a
characteristic of centralised SCMs; I much prefer the model of
decentralised SCMs. With DSCMs, it is branches that are subject to
access control.

Regards,
Mark
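
The changeset gate described in the quoted message, as an added sketch that is not part of the original post or of any SCM's own code: changesets pulled from a user's branch are merged only if every path they touch lies under a prefix that user may change. The `Changeset` shape, the `POLICY` table, the user names and the choice to key authority on the branch owner are assumptions constructed for illustration.

```python
import posixpath
from dataclasses import dataclass

# Constructed policy (assumption): user name -> directory prefixes they may
# change. Prefixes end in "/" so "docs/" does not also match "docs-old/".
POLICY = {
    "alice": ["docs/", "src/parser/"],
    "bob": ["docs/"],
}

@dataclass(frozen=True)
class Changeset:
    # Owner of the branch the changeset was pulled from. Authority comes from
    # the branch, not from author metadata inside the changeset (assumption).
    branch_owner: str
    # Each change is (op, path) or ("rename", old_path, new_path).
    changes: tuple

def touched_paths(cs):
    """Yield every path a changeset affects; a rename touches both ends."""
    for change in cs.changes:
        yield from change[1:]

def normalise(path):
    """Return the canonical repo-relative path, or None if it leaves the tree."""
    if not path or path.startswith("/"):
        return None
    clean = posixpath.normpath(path)
    if clean in (".", "..") or clean.startswith("../"):
        return None
    return clean

def allowed(user, path, policy=POLICY):
    clean = normalise(path)
    return clean is not None and any(
        clean.startswith(prefix) for prefix in policy.get(user, []))

def review(cs, policy=POLICY):
    """Return (accepted, offending_paths); one bad path rejects the whole changeset."""
    bad = [p for p in touched_paths(cs) if not allowed(cs.branch_owner, p, policy)]
    return (not bad, bad)

def gate(changesets, policy=POLICY):
    """Split pulled changesets into those to merge and those to refuse."""
    accepted, rejected = [], []
    for cs in changesets:
        ok, bad = review(cs, policy)
        (accepted if ok else rejected).append((cs, bad))
    return accepted, rejected
```

Paths are normalised before the prefix check so that `docs/../src/parser/lex.c` is judged as `src/parser/lex.c`, and a rename is checked at both its source and destination.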