[ On Saturday, August 5, 2000 at 15:49:21 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> > WinCVS works very well with SSH on NT -- I've no experience with Win9x,
>
> It most certainly does not!
It does. Even I could make it work with a very tiny amount of effort
and I've not done anything serious with M$-Win for well over 10 years
(i.e. back in the 2.1 days, around 1986 or so!).
> Do you want me to forward to you the 50 or so emails I got from windows
> users struggling to make it work? Do you know how many succeeded? Maybe
> if I flew to bulgaria or australia or brazil or wherever they happen to
> be then with some experience I could get it to work for them.
If you put together a simple little canned configuration for them and
published it along with other instructions you give to access your
server then you'd kill 50 problems with one solution.
> But guess what? These people are volunteering their time and energy to
> my project. They aren't willing to spend any effort on making their
> WinCVS/ssh system work when it fails. They just give up and do something
> different and I lose those resources.
Actually it sounds more like you'd do very well to loose their
resources. Yes, I do know that not every good programmer is an expert
with all the tools he or she is expected to use. However this is *VERY*
basic stuff and anyone not capable of solving such miniscule problems is
probably not able to solve other more important problems either.
> That's just unacceptable. I can tell you I tried your ssh solution for
> six months and now I'm running from it as fast and hard as I can before
> it kills my project.
>
> It's a disaster. It certainly does not work "very well". It's a failure.
It's *YOUR* disaster -- your responsibility, to yourself, to fix it.
You can hack on CVS if you wish but everyone in the know is telling you
to figure out how to make it easier for your users to use SSH and so
that you won't brind certain disaster upon yourself. Why don't you at
least *TRY*!
> It doesn't matter how much effort *I* am willing to put into it. It matters
> how much effort the client has to put into it--NOT VERY MUCH.
Obviously you're not thinking very far outside your box yet.
> Vapourware won't help me.
Something that's been proven to work in production in professional
software development shops around the worls obviously isn't ``vapourware''!
> Here are some simple facts. Pay attention:
>
> 1) I need to run pserver
No, you do not.
> 2) I need ACL
You will get sufficient ACLs iff you use real unix user-ids.
> 3) The patch I posted increases the security of pserver
No, it does not -- it clearly and plainly *DECREASES* it!
The cvspserver protocol is *more* secure *ONLY* if it *NEVER* runs as
root. This can be done, complete with chroot, TODAY! You're right only
in the fact that this particular combination might not provide the
access control requirements you've imposed on yourself by choosing to
run unrelated repositories on the same host.
> Sorry Greg, I tried it for the last six months, it just doesn't work.
> Maybe with a lot of fiddling it could be made to work on a client by
> client basis--but I don't even know who these people are, and they
> certainly aren't going to let me fiddle with their computers, even if
> somehow found the time and money to fly to Bulgaria or Brazil or Austrila
> or wherever to try.
>
> Here's a fact for you to digets: when I switched my pserver to ssh activity
> on my cvs repository dropped to near zero except for Unix people. When I
> reverted back to pserver interested picked up immediately.
>
> That's a fact. WinCVS/ssh just doesn't work, and if it can be made to
> work, it just isn't good enough for widespread use.
You're obviously not going to get anywhere if you don't support your
users sufficiently and appropriately.....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
