Why Drupal CVS access is on a per-project basis

Prior to May 2006, anyone with a CVS account could commit changes to any of the contributed project directories. We now prevent this, with the fundamental reason being "because we all make mistakes sometimes".

A more complete list:

1. New developers make mistakes (and experienced developers do too).
2. Mistakes mean that either the CVS admins and or project maintainers have to spend time cleaning them up.
3. Very few contributors are CVS experts (especially at first), so per-project access limits the havoc that one person can create while also enabling them to add their module to drupal.org.
4. Code that is committed without thorough peer review may introduce very serious bugs (including security holes) even when the change to the code appears to be trivial or obvious.
5. Because the release system is tightly coupled to CVS, we don't want just anyone to be able to create tags and releases since the Update Status module broadcasts those changes.
6. Per-project access means that a project maintainer has the ability to "set the vision" for the module, while also letting them add CVS access for co-maintainers whom they trust.

The following archived e-mails have more details:
http://lists.drupal.org/pipermail/development/2006-May/016096.html
http://lists.drupal.org/pipermail/development/2008-May/030059.html

If you find a project that is not being maintained, you should ask the project owner to add you to the CVS access list, or follow the procedure here to take the project over: Dealing with abandoned projects