Comment by jacquesm
10 years ago
Every time I hear stuff like that I point people to this link:
http://www.theregister.co.uk/2014/06/18/code_spaces_destroye...
10 years ago
Every time I hear stuff like that I point people to this link:
http://www.theregister.co.uk/2014/06/18/code_spaces_destroye...
Damn, I feel for them. That said, I feel better about how I've incessantly posted Wheeler's page over the years whenever source control comes up. Despite many being annoyed, they have no idea how important it is to have great security, storage, and recovery on this stuff. Between Wheeler's page & Orange Book A1 stuff, the practices today look kind of abysmal and ripe for the taking.
http://www.dwheeler.com/essays/scm-security.html
Orange Book systems' (1980's to early 90's) used air gaps and/or paper backups in safes. OpenCM, a robust SCM by Shapiro et al, mentions that among other things:
https://web.archive.org/web/20060315100242/http://opencm.org...
I come from a banking background so that stuff seems normal to me but what I find in the wild every now and then has me wondering how long it will be before a major service will go off-line due to some act of premeditated vandalism. It can't go on forever like this.
SoD alone would go a very long way to close some of the larger holes (dd question: who has access to your backups?) but even that is something that a lot more people seem to be aware of than is put into practice.
The amount of trust placed in the hands of a very few people is scary, and to do all that without real backups is something that would keep me awake at night if my bread and butter depended on it.