Re: CVS vulnerabilities?
Thanks for the link--I didn't know about this. Still, switching to SVN would probably aggravate the problem, by draining users and developers away from CVS--hence slowing CVS' bug fixes and greater security enhancements.

There's nothing magical about SVN--it is open source too and subject to the same time constraints and developer limitations of any other project. However, by dividing open source resources across two version control projects, the economy of scale is lost, and I'm concerned we will end up with two mediocre open-source version control systems instead.

Glen

--- Clay Leeds [EMAIL PROTECTED] wrote:
> I don't know who this should go to (they probably already know), but according to Reuters[1], the CVS system has some fairly significant holes. I know Forrest moved to SVN not too long ago. Have we thought of doing it ourselves?
>
> Web Maestro Clay
>
> [1] http://news.com.com/More+flaws+foul+security+of+open-source+repository/2100-7344_3-5229750.html?tag=macintouch
Re: CVS vulnerabilities?
On Jun 11, 2004, at 10:35 AM, Glen Mazza wrote:
> Thanks for the link--I didn't know about this. Still, switching to SVN would probably aggravate the problem, by draining users and developers away from CVS--hence slowing CVS' bug fixes and greater security enhancements.
>
> There's nothing magical about SVN--it is open source too and subject to the same time constraints and developer limitations of any other project. However, by dividing open source resources across two version control projects, the economy of scale is lost, and I'm concerned we will end up with two mediocre open-source version control systems instead.
>
> Glen

Point well-taken about diluting the pool of OSS projects and available developers... My point in bringing this up was more to put the alert out there, and also to note that other projects @apache.org (most notably forrest) have moved to SVN.

Being a relative newbie to CVS, it doesn't make much difference to me which one we use, although I definitely like the idea of supporting one system and sticking to it.

Web Maestro Clay

> --- Clay Leeds [EMAIL PROTECTED] wrote:
>> I don't know who this should go to (they probably already know), but according to Reuters[1], the CVS system has some fairly significant holes. I know Forrest moved to SVN not too long ago. Have we thought of doing it ourselves?
>>
>> Web Maestro Clay
>>
>> [1] http://news.com.com/More+flaws+foul+security+of+open-source+repository/2100-7344_3-5229750.html?tag=macintouch
CVS vulnerabilities?
I don't know who this should go to (they probably already know), but according to Reuters[1], the CVS system has some fairly significant holes. I know Forrest moved to SVN not too long ago. Have we thought of doing it ourselves?

Web Maestro Clay

[1] http://news.com.com/More+flaws+foul+security+of+open-source+repository/2100-7344_3-5229750.html?tag=macintouch
Re: CVS vulnerabilities?
There's a big push within Apache to adopt Subversion, and I suppose it will get to us in the near future. However, if we go there, I don't think it would be for this reason primarily. What are the security vulnerabilities of SVN? Nobody knows yet, and SVN has not been targeted. At least there is a major focus on security issues now with CVS.

You could ask on [EMAIL PROTECTED] about the security status of Apache's CVS server and the relative security of SVN. All CVS updates are SSH tunnelled, AFAIK.

Peter

Clay Leeds wrote:
> I don't know who this should go to (they probably already know), but according to Reuters[1], the CVS system has some fairly significant holes. I know Forrest moved to SVN not too long ago. Have we thought of doing it ourselves?

--
Peter B. West
http://www.powerup.com.au/~pbwest/resume.html