[reportlab-users] Development practices

Andy Robinson reportlab-users@reportlab.com
Tue, 4 May 2004 10:05:56 +0100


> From what I understand, with arch you don't need to give write access to
> external groups, they make their own branch alone, and it's up to the
> manager to read them (or not) when he wants to take their patches. So,
> everybody can work on the project, security is not in the same place.

That's the problem.  We can't commit to a manager making the time
available.  We want to let several trusted user group members commit
to core algorithms, and a much wider group commit to docs and
examples - but prevent any of those people seeing other stuff
in our repositories which relates to corporate customer projects.
On the other hand, we often do a release of Project X for Customer Y
which depends on very specific tags of the open source code.  So
having them all in one repository and one issue tracking system
makes life much, much easier.

Again, Mr. Wheeler has a good essay stating the issues quite well.
    http://www.dwheeler.com/essays/scm-security.html
The nice thing about Subversion is that it can delegate all this to
the well-known Apache model.

But thanks for making me research it a bit harder. Any other SCM systems
we should look at? :-)

Just my 2p worth


- Andy
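
The access policy described in the message above, written as path-based rules in the style of a Subversion authz file and checked with a small evaluator. This is an added example, not part of the original message: the repository layout, group names and user names are hypothetical, and the matching logic is a simplified model of path-based authorization.

```python
import configparser

# Constructed policy for illustration: paths, groups and users are hypothetical.
AUTHZ = """
[groups]
core = alice
docs = alice, bob
staff = carol
[/]
@staff = rw
[/opensource]
* = r
@staff = rw
[/opensource/core]
@core = rw
[/opensource/docs]
@docs = rw
[/customers]
* =
@staff = rw
"""

def load(text):
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def access(user, path, groups, rules):
    """Return '', 'r' or 'rw'. Simplified model (an assumption): the nearest
    ancestor section naming the user (directly, via @group, or '*') decides,
    and grants within that section are unioned."""
    parts = [p for p in path.split("/") if p]
    while True:
        section = "/" + "/".join(parts)
        matched = [v for who, v in rules.get(section, {}).items()
                   if who in ("*", user)
                   or (who.startswith("@") and user in groups.get(who[1:], ()))]
        if matched:
            return "rw" if "rw" in matched else "r" if "r" in matched else ""
        if not parts:
            return ""  # default deny when no rule names the user
        parts.pop()
```

The `* =` line under `/customers` is what keeps open-source committers from even reading customer project paths while everything stays in one repository.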