
People overlook that there's a common systematic belief that looks like this:

  1) Developers don't code on prod
  2) Prod needs to be protected
  3) Therefore, developers need to be restricted from prod

One of my teams went through the process of "let's do DevOps!" with the intent of giving developers the ability to push something all the way through to prod on AWS. Months later, this resulted in having a poorly-supported dev-only VPC with IAM/policy restrictions, and other "official" VPCs that devs are locked out of in various ways. Since then, devs have had little incentive to learn and are again reliant on Ops for any deployment problems.





There's a common systematic belief of that because that's the sort of thing a lot of actual compliance regulations de facto require (i.e., they demand controls around software deploys, and putting enforcing that in the same hands as those wanting to deploy it, i.e., devs, will fail an audit).

Source: My employer is currently undergoing SOX compliance


And there's a good reason that separation of duties is in every compliance standard...

Not saying whether it's a good or bad idea, just that it's a common systematic belief because it's a required thing in many organizations.


