> I hadn't caught this the first time. Not only is everyone using the same
> account, but CVS has no way of knowing who you really are. I don't worry too
> much about the former in our situation, but I do care about the latter.
Actually, I think that CVS does know who the user is
- or, at least, it should be relatively simple to add that.
I.e. two levels of (in)security:
(1) authenticate multiple real users to use the same OS user
account via SSH or the like, all to connect to the CVS server.
(2) now have the CVS server ask for an additional level
of authentication, so that it can tell CVS users apart.
But, again, you have to trust the CVS code to accomplish step (2)
properly, without bugs or holes.
