On 2010-03-14 2:44 PM, Zooko O'Whielacronx wrote: > My point is that we have this problem not because we used the > capability access control model, but because we made sharing > maximally easy in the first version of the user interface, and now > we need to figure out how to make sharing less easy, or more context > dependent, or something.
In software engineering, it is very common for multiple people to be working on the same file. We do not do it by giving multiple people simultaneous write access. Rather, we either do lots of merges, as in Git, or we give one person at a time write access, as with Visual Source Safe. Two people having write access to the same file at the same time is a bug. If Bob gives away a write authority to a file, he should *lose* write authority to that file. Suppose one made it so that write access was *never* shared. If Bob and Carol are working on a common document, Bob gives Carol read access to Bob's version, and Carol gives Bob read access to Carol's version. Making it easy to share write access is not a good idea. Indeed, making it *possible* to share write access is rarely a good idea. People often have a directory to which they give world write access. The intent, however, is always to swiftly move files dropped in that directory to a safer place. The directory is used as half of an operation, and in the full operation a file is moved or copied between two entities, equivalent to sharing read access, or giving away and losing write access. _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
