From: kilgallen@eisner.decus.org (Larry Kilgallen)
Subject: Re: packages and private parts
Date: 1997/02/10
Message-ID: <1997Feb10.143312.1@eisner>#1/1
References: <32F170C8.6A88F208@cam.org> <32FA4C67.48D9@watson.ibm.com> <32FB27FF.794BDF32@innocon.com> <32FF4D8D.167EB0E7@innocon.com>
Organization: LJK Software
Newsgroups: comp.lang.ada

In article <32FF4D8D.167EB0E7@innocon.com>, Jeff Carter writes:
> Robert Dewar wrote:
>> Child packages are much safer. If you have a set of packages from
>> a "great designer", and want to use them, then use them, do NOT
>> use any suspicious non-official children! Remember that a program
>> is only affected by the presence of child packages if it directly
>> or indirectly with's these children.
>
> How do you know which children are official and which are not? How do
> you know whether a programmer has written and used an unauthorized child
> that is not known to the rest of the system?

You know all of this by whether the child has been entered into the configuration manager. This is really no different than how you know whether a particular copy of the parent is official. For "the configuration manager" you are free to use any method your organization feels is safe, ranging from a diskette set as write-lock (or not) up to digital signatures on the sources.

While a programmer might be able to write an unauthorized child package, she cannot put it into the configuration management system without following the rules for the particular local environment. Those rules might extend from "free-for-all" up to measuring against coding standards which require some extra approval for child packages.

Larry Kilgallen
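
Added example, not part of the original post: one way a build step could enforce the rule discussed above. It follows the with clauses from a main unit and reports any unit in a protected hierarchy that is missing from the configuration manifest or whose source no longer matches the recorded hash. The Stacks hierarchy, the in-memory SOURCES table and the SHA-256 manifest are assumptions constructed for illustration.

```python
import hashlib
import re

# Context clauses at the start of a line: "with A.B, C;" (comment lines start with "--").
WITH_RE = re.compile(r"^\s*(?:limited\s+|private\s+)*with\s+([^;]+);", re.I | re.M)
UNIT_RE = re.compile(r"[a-z]\w*(?:\.[a-z]\w*)*")  # rejects "with function F ...;"

def withed_units(source):
    """Lower-cased library unit names named in the with clauses of one source text."""
    names = (n.strip().lower() for clause in WITH_RE.findall(source) for n in clause.split(","))
    return {n for n in names if UNIT_RE.fullmatch(n)}

def closure(root, sources):
    """Units the root depends on, directly or indirectly, including parents of children."""
    seen, todo = set(), [root.lower()]
    while todo:
        unit = todo.pop()
        if unit in seen:
            continue
        seen.add(unit)
        todo.extend(withed_units(sources.get(unit, "")))
        if "." in unit:  # a child unit always depends on its parent
            todo.append(unit.rsplit(".", 1)[0])
    return seen

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def unofficial(root, sources, manifest, parent):
    """Map each reachable unit in the parent's hierarchy that fails the manifest to a reason."""
    p, bad = parent.lower(), {}
    for unit in closure(root, sources):
        if unit != p and not unit.startswith(p + "."):
            continue  # outside the protected hierarchy
        if unit not in manifest:
            bad[unit] = "not in manifest"
        elif digest(sources.get(unit, "")) != manifest[unit]:
            bad[unit] = "hash mismatch"
    return bad

# Constructed sample: unit name -> source text, plus the manifest of approved hashes.
SOURCES = {
    "main": "with Stacks.Bounded;\nwith Report;\nprocedure Main is begin null; end Main;\n",
    "report": "with Stacks.Peek;\npackage Report is end Report;\n",
    "stacks": "package Stacks is end Stacks;\n",
    "stacks.bounded": "package Stacks.Bounded is end Stacks.Bounded;\n",
    "stacks.peek": "package Stacks.Peek is end Stacks.Peek;\n",
    "stacks.unused": "package Stacks.Unused is end Stacks.Unused;\n",
}
MANIFEST = {u: digest(SOURCES[u]) for u in ("stacks", "stacks.bounded")}
```

Stacks.Peek is reported because Main reaches it through Report, while Stacks.Unused is never reported because nothing with's it.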