um, I'm a newbie at CVS, so I've read more of the documentation than anything else, but the answers I've seen so far for the security question seem to have missed one vital point. People have write access to spots in the repository, therefore they, just like CVS, can write as they please to the ,v files. That means that there is no guarentee that the history that is present in the repository reflects the actual events in history. This hole, even if it is not exploited in an organization because everybody is "good", is still a hole, and won't pass an audit. What I'll be testing next week, is a CVS server where no "users" exist in /etc/passwd, and all access rights are granted through pserver mapping CVS user IDs to security accounts. The admin can still bypass audit controls, but that's better than having my 1,000 users being enabled to. -CTH
_______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs