RE: CVS access control

Thu, 27 Sep 2001 08:01:11 -0700 

Is this of use to this argument?
http://members.home.net/minyard/cvs-thoughts.html

We've found Corey's ACL patches work well for what we want - but we still
don't have a good "encrypted" connection yet to our server (pserver
operation,
this allows us to keep the CVS server running as "non-root", and keeps
accounts
off the unix machine itself)

I'm keen to hear what is recommended, we where toying with
the idea of SSH tunnelling to a pserver CVS server - if this is
even possible - ?

Regards,
Andrew

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 27 September 2001 02:22
To: [EMAIL PROTECTED]
Subject: Re: CVS access control


[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
>
> I'd say it would even be better off without password authentication at all
> (and use pserver only where public access is wanted).

Me too!   :-)  [[ PLEASE!!!! ]]

> Sorry for beeing unclear.  pserver and ssh does the authentication (who
are
> you?).  When I say "access control", I'm thinking of authorization (who
> should be able to do what).  I do think that authentication is out of the
> scope of CVS (ok, pserver _is_ already a part of CVS ... but anyway ...). 

CVS is not a security tool -- it simply manages a bunch of files.  You
do not want to even think about trying to make CVS into a security tool
-- that would be bad design and any implementation would inevitably be
doomed to ultimate failure since it could not, by definition, meet the
design goals.

I.e. CVS has no business doing anything related to access control,
authentication, authorisation, or anything related.

Use your OS to implement security policy and CVS will (have to) honour
your policy -- why make it any more complicated than that, since that's
all that's really necessary.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>     <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Reply via email to