> In the centralised setup, Darcs reduces that to just one level: it
> uses Unix accounts. In the distributed setting, Darcs uses GPG keys
> to identify users. In either case, there is no account management
> within Darcs, Darcs is just obeying external account managers.
>
> I find it paradoxical (but understandable) that you find CVS' extra
> level of bureaucracy easier to manage than Darcs' model.

Unix accounts don't lend themselves to the Principle of Least Authority -- it isn't easy to make a unix account that can access a specific repo through darcs, but do nothing else, much less one which can read a repo but not write to it, or apply but not unpull, ...

GPG keys have the same inconvenience, plus more! One of the added inconveniences is indicated by the way that you described GPG keys -- "to identify users". This emphasizes a tangential problem -- identifying users -- rather than the original problem of controlling access.

By way of comparison, imagine if giving people Unix accounts was considered to be primarily an issue of identifying users. There would be lots of culture and tool support for things like verifying a user's identity face-to-face before giving him a Unix account, cross-checking the identities of users who have accounts on machines controlled by different sysadmins, expiring the access privileges of users who haven't re-verified recently enough, and so forth. The original issue of controlling which Unix accounts can do what to which darcs repo would be an afterthought with little culture, documentation, or tools to explain how to do it. So it is (circa 2005) with GPG keys.

I've exchanged darcs patches with many people, perhaps a dozen, over the last couple of years. Mostly this was by pulling from them over insecure HTTP, in other cases this was accomplished by creating Unix accounts and giving them the password over insecure phone, VoIP, IRC, or e-mail. Never have I used GPG (successfully). Strange that giving someone a complete user account with interactive remote access is easier than securely receiving a patch from them. Sigh.

Regards,

Zooko
