Les Mikesell wrote:
Nobody should have the ability to update code owned by the next stage.
That's not possible with most version control systems. Everyone has
It's essential. You don't want everyone to be able to mess with
production code. Nobody can certify code they don't control. If I can
apply a little vim or emacs to your repo, you're sunk. Just let the
auditors ask, "Who can change this source code?" and "We will try."
Essentially, we cloned the libraries of source code, and each stage (to
the best of my recollection) built their own executables.
If every source file's digitally signed, that's probably good enough,
but old fogies (say, my generation) would probably say not.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list