[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS Security Issues
From: |
Derek Robert Price |
Subject: |
Re: CVS Security Issues |
Date: |
Thu, 18 Dec 2003 15:16:32 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
McNamee, John wrote:
>I think moving the password file out of CVSROOT would be a bad idea.
>
>(1) It would just give a false sense of security to lusers
>(unfortunately,
>many lusers have the title "System Administrator" on their business
>card,
>but they're still lusers).
I agree.
>(2) It would break systems with multiple repositories that each have
>their
>own user/password list.
No it wouldn't. If you look at the way these patches are implemented,
they only override the options in CVSROOT/passwd when they exist. If
they don't exist, or don't exist for a specific repository, CVS would
fall back on CVSROOT/passwd.
Also, both patches have a file format like:
<repository>
<options>...
<repository2>
<options>...
>(3) It would make backing up an entire repository a little more
>difficult.
>
>I wouldn't complain if this became a compile-time configuration option,
>so those who want it can have it. Just don't make it the default.
Due to the override nature, these would effectively be run-time options.
Derek
- --
*8^)
Email: address@hidden
Get CVS support at <http://ximbiot.com>!
- --
In matters of style, swim with the current; In matters of principal,
stand like a rock.
- Thomas Jefferson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org
iD8DBQE/4gsfLD1OTBfyMaQRAsYtAKDzJGT6ABz8OMztN6Tor6yZf8EAygCgkfG/
hA84tc0wzdJNq2G/anwg6+M=
=4QFY
-----END PGP SIGNATURE-----