On Thu, Sep 14, 2000 at 04:46:30PM +0100, Alan Cox wrote:
> That isnt the problem. Its what is in the source data you have to worry about.
> CVS also uses SSH happily. That doesn't stop attacks on either by feeding the
> server/input side bogus metadata
True, but ssh checks for an authentic key from the server,
and if ssh is set up properly, it may eliminate at least some malicious
attacks (ie someone sending bogus metadata). Even though CVS can use ssh, it
irks me that it doesn't by default and you have to set it up. i'm a lazy
bastard; i like things to be set to safe defaults so i don't have to change
them.
--
Nathan Paul Simons, Programmer for FSMLabs
http://www.fsmlabs.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
- Re: Proposal: Linux Kernel Patch Management Sy... David S. Miller
- Re: Proposal: Linux Kernel Patch Managemen... Daniel Quinlan
- Re: Proposal: Linux Kernel Patch Manag... David S. Miller
- Re: Proposal: Linux Kernel Patch ... Theodore Y. Ts'o
- Re: Proposal: Linux Kernel Pa... Rogier Wolff
- Re: Proposal: Linux Kernel Pa... Theodore Y. Ts'o
- Re: Proposal: Linux Kernel Pa... David Lang
- Re: Proposal: Linux Kernel Pa... Alan Cox
- Re: Proposal: Linux Kernel Pa... Nathan Paul Simons
- Re: Proposal: Linux Kernel Pa... Alan Cox
- Re: Proposal: Linux Kernel Pa... Nathan Paul Simons
- Re: Proposal: Linux Kernel Pa... almesber
- Re: Proposal: Linux Kernel Pa... Richard Gooch
- Re: Proposal: Linux Kernel Pa... Russell King
- Re: Proposal: Linux Kernel Pa... Richard Gooch
- Re: Proposal: Linux Kernel Pa... David S. Miller
- Re: Proposal: Linux Kernel Pa... Alan Cox
- Re: Proposal: Linux Kernel Patch Managemen... Erik Andersen
- Re: Proposal: Linux Kernel Patch Management System Theodore Y. Ts'o
- Re: Proposal: Linux Kernel Patch Management System Mitchell Blank Jr
