Greg A. Woods wrote, On 2002-11-15 00:49:

Because it's how remote CVS was designed to be used and because it is
the only way to make remote CVS access secure. CVS-pserver is not
secure in any way whatsoever and cannot be made secure.

That's partly wrong. If you set up the pserver and makes sure (either via inetd (hosts.deny/.allow) if that's your preferred way of launching it, or iptables etc) that only requests originating from 127.1 gets through, then by tunneling localport 2401 to remote port 2401 is absolutely secure.

First issue:
ssh -L2401:localhost:2401

Then set your CVSROOT to ":pserver:whatever@localhost:/repository" and off you go.

It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).

My "two cents" anyway...

/
Fredrik



_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs


Reply via email to