On Wed, Aug 09, 2000 at 10:53:10AM -0400, Greg A. Woods wrote: > I.e. Justin: Please do not continue to publicly promote your patch -- > it is not an improvement in security and continued promotion will give > CVS users a false sense of security. In fact I will continue to > strongly suggest that you not even use it for yourself! Is it as easy for a WinCVS user to set up ssh as it is to set up pserver? No. That's a fact. And so long as it's a fact I am going to use pserver. And so will other people. And so long as that's true we might as well at least make the damn thing as secure as it can be. > (Mind you -- I cannot say the above without also stressing the risks of > something like SSH are not zero -- the server must still trust the > physical hardware and the operating system within the client since SSH > can easily be used covertly by a virus or worm! This means that SSH > users on both ends of the connection must continually secure their > systems and provide reasonable assurances against such covert use!) Not to mention trusting the users. I don't trust them. I don't actually see ssh as significantly increasing my security because even with maximal security between the user and the server, I still don't trust the user. You are still thinking inside the professional software development shop box where issues like not trusting your users don't come up. Justin
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Mark Harrison
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Tobias Weingartner
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Paul Sander
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Justin Wells
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Tobias Weingartner
- Re: cvs-nserver and latest CVS advisory (Was: patch to ... Derek R. Price