By the way, what's the bottom line on CVS security
when run according to the various modes?
Here's what I understand:
CVS with its own dedicated socket/port
- I think this is called CVS pserver mode
Pretty much totally unsecure.
Naked socket. Trivial security.
CVS with its own dedicated socket/port
run across SSH
Transport secured, but the CVS socket/port
is open to the world on the remote machine,
and hence is insecure there, and on the
remote machine's network.
CVS kserver - probably okay
CVS using a non-socket/port transport like rsh or ssh
to connect to a server machine. "cvs server"
As secure as the transport.
E.g. requires account administration on the
machine on which cvs server will run.
CVS across a network filesystem
As secure as the filesystem and its transport.
Requires account administration on the
machine on which cvs server will run.