fo...@cfengine.com writes: > By hierarchical are you hoping to allow other teams to make policy > without altering your own?
No, as soon as I merge their work into the mainline to deploy it, they can execute whatever commands to destroy my system (until cf3 permit to "load" or "run" bundles under specific uid/gid/security context/... ;-)). I think about compartment, services configuration is under services, a team is responsible for it and they can subdivide the work as they wish. If someone want to provide cf3 promises for a new service, it should be straightforward to know what, where and how to do it. Hope this clarify my intentions. Thanks. -- Daniel Dehennin Récupérer ma clef GPG: gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
pgp4taXpR7D0k.pgp
Description: PGP signature
_______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
