[tahoe-dev] Giving away the farm (was Re: Google Summer of Code 2010 -- Ideas Needed!)

James A. Donald jamesd at echeque.com
Thu Mar 18 08:11:36 PDT 2010


On 2010-03-14 2:44 PM, Zooko O'Whielacronx wrote:
 > My point is that we have this problem not because we used the
 > capability access control model, but because we made sharing
 > maximally easy in the first version of the user interface, and now
 > we need to figure out how to make sharing less easy, or more context
 > dependent, or something.

In software engineering, it is very common for multiple people to be
working on the same file.  We do not do it by giving multiple people
simultaneous write access.  Rather, we either do lots of merges, as in
Git, or we give one person at a time write access, as with Visual
Source Safe.  Two people having write access to the same file at the
same time is a bug.  If Bob gives away a write authority to a file,
he should *lose* write authority to that file.

Suppose one made it so that write access was *never* shared.  If Bob
and Carol are working on a common document, Bob gives Carol read
access to Bob's version, and Carol gives Bob read access to Carol's
version.

Making it easy to share write access is not a good idea.  Indeed,
making it *possible* to share write access is rarely a good idea.

People often have a directory to which they give world write access.
The intent, however, is always to swiftly move files dropped in that
directory to a safer place.  The directory is used as half of an
operation, and in the full operation a file is moved or copied between
two entities, equivalent to sharing read access, or giving away and
losing write access.




More information about the tahoe-dev mailing list