Zorba the Hutt (zorbathut) wrote,
Zorba the Hutt

on authorization

So imagine you have a big database of some kind.

People write Things, and enter the Things in the database. People make mistakes, of course, and so we allow (for various definitions of allow - I'll get to this in a second) anyone to change anyone's Things, so they can fix it and improve it.

Most people, we assume, are competent. But there might be those that are incompetent. And, depending on what you're talking about, there might be those who are just plain evil.

Most systems of this nature work like so: You see a problem. You email the owner of the Thing. Owner gets around to fixing it, eventually, maybe, if you're lucky. Or maybe he's just had a bad day. Whatever. If it doesn't get fixed, sucks to be you, you don't own the Thing.

On the other hand there's Wikipedia. In Wikipedia, anyone can edit any page, and your changes show up immediately. There's a changelog, and people who read the changelog. Some entries get trolled, and usually, within hours if not minutes, fixed. This is just part of Wikipedia. It's what happens.

Obviously which model you'll choose for your database depends on your average user and your data importance. You wouldn't want to put, say, the national budget on a wiki as the official version. People will fuck with it. It will be bad. But let's imagine you've got a slightly higher basis for trust - you can guarantee that most people aren't Evil, and, at worst, Incompetent. The Wikipedia model is starting to look better. In fact, let's also imagine that things getting screwed up aren't all that important in a span of a few hours - they can be found, and fixed, and nothing really dangerous will have happened. Wikipedia's starting to look a *lot* better.

Another awesome thing Wikipedia does - it lets you flag something to watch. Any edits show up on your watch list. Something you wrote personally? Something you know a lot about? Flag it and keep an eye on it. If it gets fucked over, you'll know. (I don't know if Wikipedia supports email-me-if-this-changed - if they don't, it clearly wouldn't be hard to add.)

The Wikipedia model rocks.

Why the hell doesn't anyone use it for source control?

I've seen two source control models. "Let anyone change everything" and "let nobody change anything without a code review/approval". And I'm looking through this codebase right now, and I'm finding things that violate the code standards. I'm finding things that could be better documented. I'm finding one function that flat-out seems to be a bad idea (and trivially fixable) and one so-subtle-you-could-even-argue-it-isn't-one bug.

And, if we had the Wikipedia model for source control, I could just go and fix it. And if someone found it objectionable enough to change it back - perhaps the creator, who probably would have it set to notify them - they could change it back, and then we could start a debate as to which is better (and keep that entirely within the notes to the file) and eventually hammer something out that we like.

As it is? I *could* make the changes and submit it. But maybe they'd object, or maybe they'd decide it wasn't worth spending time on. Or I could email them, and I run into the same problem. (Another advantage to the Wiki model - the one who cares more tends to win. As far as I'm concerned, this is an advantage. In this model, I have to pit my caring against the author's apathy.)

So why doesn't anyone use the Wikipedia model for source code control?
  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.