Re: what's to stop a developer from nuking the repository?
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ] Subject: Re: what's to stop a developer from nuking the repository? have unix command line users use :pserver: That's really Really REALLY _B_A_D_ advice There is absolutely _NO_ accountabilty or any other form of security in pserver. DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS The right solution is to continue to follow good systems security practices and to make sure all your users are aware of _all_ of your security practices. Backups are part of that solution. Good solid authentication, authorisation, and accountability are also part of that solution. -- Greg A. Woods +1 416 218-0098 VE3TCPRoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
Tirsdag den 20. januar 2004 09:33 skrev Greg A. Woods: [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ] Subject: Re: what's to stop a developer from nuking the repository? have unix command line users use :pserver: That's really Really REALLY _B_A_D_ advice There is absolutely _NO_ accountabilty or any other form of security in pserver. DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS Has anybody made a long wishlist of things to be changed in pserver? I think the idea behind pserver is ok, but when I see these uppercase letters above I wonder what we could/should do about it if it should work properly. Or maybe just give the message DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS when you do a 'cvs login' ? ;-) Best regards, Claus GĂ„rde Henriksen ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Replacing the head revision
Hello, this may be a newbie Q, so I apologize, but my reading of the Cederqvist did not help me... I got a modified copy of my source back. Now I want to replace me head revision with this code. As I had troubles understanding versioning, my current code is in the branch VER_1-bt. I have (manually) updated this branch to the new source. I would like to either: 1) Force update -j VER_1-bt to just replace, not merge, the branch or 2) Force import (as described on Cederqvist p. 79) not to merge. Any ideas? Thanks for your help! Alex ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
At 04:15 AM 1/20/2004, Andy Jones wrote: am I right in thinking that Greg's opinion does not reflect the majority view? No. And besides, Greg is one of the resident experts on CVS. Listen to him. Fred ___ Frederic W. Brehm, Sarnoff Corporation, http://www.sarnoff.com/ ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
Andy Jones wrote: Tirsdag den 20. januar 2004 09:33 skrev Greg A. Woods: [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ] Subject: Re: what's to stop a developer from nuking the repository? have unix command line users use :pserver: That's really Really REALLY _B_A_D_ advice There is absolutely _NO_ accountabilty or any other form of security in pserver. DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS snip Please forgive me if I am mistaken, and in any case I certainly don't want to start a flame war, but am I right in thinking that Greg's opinion does not reflect the majority view? I refuse to make any claims vis-a-vis a majority view, but I would say that his statement reflects a common opinion among folks who are concerned with security. pserver is unsuitable for anything other than anonymous, read-only access. Really. If you are using it for anything else, you are trusting your users to just be nice, in effect. Regards, Geoff ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
CVS with SMB/Winbind Authentication
Hi, I am not sure if this is the appropriate forum to post this message, and, if it is not, hopefully someone can point me in the right direction, I have been trying to find the generic users mailing list for CVS Anyhow, to my question. I am attempting to use CVS with system authentication being handled by Winbind/Samba. I know that Winbind and Samba are functioning correctly since I use this service for other things. Is there something special that must be done with CVS to make this function? David Morrow Systems Technical Lead, IT Operations P: (519) 951-6079 F: (519) 451-6615 mailto: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ..poor planning on your part does not make an emergency on my part This message has originated from Autodata Solutions. The attached material is the Confidential and Proprietary Information of Autodata Solutions. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please delete this message and notify the Autodata system administrator at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
At 04:15 AM 1/20/2004, Andy Jones wrote: am I right in thinking that Greg's opinion does not reflect the majority view? No. And besides, Greg is one of the resident experts on CVS. Listen to him. I didn't say that his point of view was not valid. I didn't say that he was wrong. Please do not jump to conclusions. ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS with SMB/Winbind Authentication
Dave Morrow wrote: Hi, I am not sure if this is the appropriate forum to post this message, and, if it is not, hopefully someone can point me in the right direction, I have been trying to find the generic users mailing list for CVS Anyhow, to my question. I am attempting to use CVS with system authentication being handled by Winbind/Samba. I know that Winbind and Samba are functioning correctly since I use this service for other things. Is there something special that must be done with CVS to make this function? There is a pam_winbind module from samba, but I think CVS will only use pam for authentication if run through ssh or rsh tunnels. Hope that helps, -- Scott Moynes ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: what's to stop a developer from nuking the repository?
Andy Jones [mailto:[EMAIL PROTECTED] wrote: At 04:15 AM 1/20/2004, Andy Jones wrote: am I right in thinking that Greg's opinion does not reflect the majority view? It seems to me that the more one learns about computer security, the more one tends to agree with Greg on this issue. No. And besides, Greg is one of the resident experts on CVS. Listen to him. I didn't say that his point of view was not valid. I didn't say that he was wrong. Please do not jump to conclusions. Now you're the one jumping to conclusions ;=) Nobody accused you of saying that Greg was wrong, or that his point of view was not valid. -- Jim Hyslop Senior Software Designer Leitch Technology International Inc. (http://www.leitch.com/) Columnist, C/C++ Users Journal (http://www.cuj.com/experts) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[EMAIL PROTECTED] wrote: Please forgive me if I am mistaken, and in any case I certainly don't want to start a flame war, but am I right in thinking that Greg's opinion does not reflect the majority view? I can't speak for the majority, but I pretty much agree with Greg. Quibble time: *if* you run cvs on a network you're sure is secure and everybody on it can be absolutely trusted (to the point where you'd be perfectly comfortable giving the root password to anybody who had an actual need for it), pserver is usable. It serves to prevent mistakes. It may be slightly easier to set up than rsh, or it may not be. However, if there is any shadow of doubt, then all pserver gives you is anonymous access, since anybody who wants to do anything not directly traceable to themselves can easily use somebody else's identity. Given a valuable code base, and employees, I'd figure that the danger of having a disgruntled employee is there, and I'd want to use something more traceable than pserver. 90% of security risks are people inside your firewall. Either by accident or design the people you work with will cause the most loss of data or files from your repository (Mostly by accident.) The only real way to protect your repository is by use of secure connections with ssh-tunneling and good backups. ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[EMAIL PROTECTED] writes: Quibble time: *if* you run cvs on a network you're sure is secure and everybody on it can be absolutely trusted (to the point where you'd be perfectly comfortable giving the root password to anybody who had an actual need for it), pserver is usable. It serves to prevent mistakes. I think that's still overstating the case. If you run CVS on a network where you can trust people enough that you're confortable running telnet or rlogin, then pserver is fine. -Larry Jones It COULD'VE happened by accident! -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS with SMB/Winbind Authentication
On Tue, Jan 20, 2004 at 10:38:55AM -0500, Scott Moynes wrote: Dave Morrow wrote: Hi, I am not sure if this is the appropriate forum to post this message, and, if it is not, hopefully someone can point me in the right direction, I have been trying to find the generic users mailing list for CVS Anyhow, to my question. I am attempting to use CVS with system authentication being handled by Winbind/Samba. I know that Winbind and Samba are functioning correctly since I use this service for other things. Is there something special that must be done with CVS to make this function? There is a pam_winbind module from samba, but I think CVS will only use pam for authentication if run through ssh or rsh tunnels. No, not at all. PAM support has been added to CVS in the 1.12 series. Check the docs for how to use it. -- Steve McIntyre, Cambridge, UK.[EMAIL PROTECTED] Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the far end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer pgp0.pgp Description: PGP signature ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: Ignore dirs/no-ext-files
Fabian Cenedese [mailto:[EMAIL PROTECTED] wrote: Is it possible with .cvsignore/CVSIGNORE/cvswrapper to ignore a directory? Yes, just put the directory name in a .cvsignore file, in the parent directory of the directory you want to ignore. And as other variant: Can I make a rule for files without extension? *. or just * didn't work. Hmmm... I'm not sure how fancy the wildcard recognition is for .cvsignore. I don't think it can handle this. -- Jim Hyslop Senior Software Designer Leitch Technology International Inc. (http://www.leitch.com/) Columnist, C/C++ Users Journal (http://www.cuj.com/experts) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: what's to stop a developer from nuking the repository?
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] wrote: *if* you run cvs on a network you're sure is secure and everybody on it can be absolutely trusted (to the point where you'd be perfectly comfortable giving the root password to anybody who had an actual need for it), pserver is usable. That kind of secured network is becoming more and more rare, though. Even if you could trust all your users with the root password, these days most corporate networks are connected to the Big Bad Internet. Unfortunately, many companies use the Crunchy on the outside, soft and chewy on the inside security model. All it takes is a single Trojan Horse or a virus to get into a single computer inside your firewall, and your entire network can be compromised. -- Jim Hyslop Senior Software Designer Leitch Technology International Inc. (http://www.leitch.com/) Columnist, C/C++ Users Journal (http://www.cuj.com/experts) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
On Tue, 20 Jan 2004 11:03:38 -0500 (EST), Larry Jones [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] writes: Quibble time: *if* you run cvs on a network you're sure is secure and everybody on it can be absolutely trusted (to the point where you'd be perfectly comfortable giving the root password to anybody who had an actual need for it), pserver is usable. It serves to prevent mistakes. I think that's still overstating the case. If you run CVS on a network where you can trust people enough that you're confortable running telnet or rlogin, then pserver is fine. I'd agree. I'm not on the network/admin team at my place of employment, but I do admin cvs and other source code control utilities. EVERYONE here uses telnet,rlogin and rsh, so it didn't really make sense for me to tighten up the pserver (over ssh) connections. -Larry Jones It COULD'VE happened by accident! -- Calvin ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
RE: CVS with SMB/Winbind Authentication
Been there done that. All the manual says it requires is pam_unix.so, I have added lines to include winbind My /etc/pam.d/cvs auth required /lib/security/$ISA/pam_unix.so accountrequired /lib/security/$ISA/pam_unix.so auth required /lib/security/pam_winbind.so accountrequired /lib/security/pam_winbind.so David Morrow Systems Technical Lead, IT Operations P: (519) 951-6079 F: (519) 451-6615 mailto: [EMAIL PROTECTED] ..poor planning on your part does not make an emergency on my part This message has originated from Autodata Solutions. The attached material is the Confidential and Proprietary Information of Autodata Solutions. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please delete this message and notify the Autodata system administrator at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: Steve McIntyre [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 11:18 AM To: Scott Moynes Cc: Dave Morrow; '[EMAIL PROTECTED]' Subject: Re: CVS with SMB/Winbind Authentication On Tue, Jan 20, 2004 at 10:38:55AM -0500, Scott Moynes wrote: Dave Morrow wrote: Hi, I am not sure if this is the appropriate forum to post this message, and, if it is not, hopefully someone can point me in the right direction, I have been trying to find the generic users mailing list for CVS Anyhow, to my question. I am attempting to use CVS with system authentication being handled by Winbind/Samba. I know that Winbind and Samba are functioning correctly since I use this service for other things. Is there something special that must be done with CVS to make this function? There is a pam_winbind module from samba, but I think CVS will only use pam for authentication if run through ssh or rsh tunnels. No, not at all. PAM support has been added to CVS in the 1.12 series. Check the docs for how to use it. -- Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED] Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the far end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
Title: Re: what's to stop a developer from nuking the repository? You should be making this choice (pserver or not) based on what security you want/need. Realistically this is going to be somewhere between perfection and better_than_I_had_already. Lets face it if you were using a shared writeable filestore before then CVS with pserver is a million times better. Ade __ This outgoing email was virus scanned for HESA by MessageLabs. __ ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: What's to stop a developer from ...
hacking the CVS server with an axe, then setting fire to the whole building? You see, I'm evaluating the advantages and disadvantages of various version control systems, so I'd like to know how secure CVS is. :) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[ On Tuesday, January 20, 2004 at 10:06:32 (+0100), Claus Henriksen wrote: ] Subject: Re: what's to stop a developer from nuking the repository? Has anybody made a long wishlist of things to be changed in pserver? There is only one thing that can be changed: the PSERVER code should be entirely removed from CVS. The the only sane alternative is to simplify it to the point that it refuses to work unless the client is doing a read-only operation. I think the idea behind pserver is ok No, it's not even a tiny bit OK. It is the most lame excuse one can imagine for any client/server protocol on a public network, especially in this day. CVS pserver shouldn't even be used for anonymous read-only access, at least not if you care about the integrity of the data you send or receive, though that particular issue is really more a matter of finger pointing. One can use RSH over a public network, but at least if a CVS user uses RSH and then suffers as a result it's not the fault of CVS, but rather the fault of the user having used RSH. -- Greg A. Woods +1 416 218-0098 VE3TCPRoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ] Subject: Re: what's to stop a developer from nuking the repository? I think that's still overstating the case. If you run CVS on a network where you can trust people enough that you're confortable running telnet or rlogin, then pserver is fine. Telnet and rlogin and similar still provide on heck of a lot more accountability (over a trusted network) than pserver could ever possibly do. If you have a trusted network and you do feel comfortable with telnet and rlogin then USE THEM -- DO NOT USE PSERVER. -- Greg A. Woods +1 416 218-0098 VE3TCPRoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[ On Tuesday, January 20, 2004 at 10:58:32 (-0500), Mike Echlin wrote: ] Subject: Re: what's to stop a developer from nuking the repository? 90% of security risks are people inside your firewall. Well, yes, though it depends on your threat models and exactly what you're doing and how you're doing it. In any case the biggest problem with pserver is that it precludes the very possibility of having any real accountability. There are very basic and fundamental reasons why every user _MUST_ have a unique identity inside a computing system. While pserver can maintain that uniqueness, it does nothing to prevent users from forging their identity -- indeed it makes it trivial for users to forge their identity. Worse though pserver can just as easily be configured to have no uniqueness of identity (which of course is no big loss given its other failings, but still...). The only real way to protect your repository is by use of secure connections with ssh-tunneling and good backups. Those are part of the picture -- there's also a whole world of other things that should be done to maintain a good secure computing environment. -- Greg A. Woods +1 416 218-0098 VE3TCPRoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
CVS server running on NT
I need to install CVS on an NT box. According to the FAQ page on cvshome.com the NT version of the CVS server is available at http://www.cvsnt.org/ . I have a few questions and I hope someone can help me answer them. 1) I have worked with Apache and all versions of the Apache can be obtrained from a single web site. Why is the CVS on NT offered through a different web site? Are these folks the same team or a different development team than the cvshome.com ? 2) Is CVS NT from cvsnt.org a subset,a superset, or a very different version of the CVS offered on Linux and Unix ? 3) Is the email list [EMAIL PROTECTED] dedicated to mostly CVS on Linux/Unix ? I noticed that the cvsnt.org folks have their own separate email list. Sam __ Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Selectively enable branching rights
Hello, Can somebody tell me how to selectively give rights to a certain set of users, the rights to branch etc. Thanks Puru ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ] Subject: Re: what's to stop a developer from nuking the repository? I think that's still overstating the case. If you run CVS on a network where you can trust people enough that you're confortable running telnet or rlogin, then pserver is fine. Telnet and rlogin and similar still provide on heck of a lot more accountability (over a trusted network) than pserver could ever possibly do. The key here is accountability, I think. pserver has effectively no accountability, and telnet/rlogin have some (as far as I know). If you have a trusted network and you do feel comfortable with telnet and rlogin then USE THEM -- DO NOT USE PSERVER. The logic for using pserver over ssh would be that it's harder to set ssh up right. Not a really compelling reason, but it's all I can think of. However, setting rsh up is as trivial as setting pserver up, so I'd have to agree here. -- Now building a CVS reference site at http://www.thornleyware.com [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Replacing the head revision
Hi Jim, all thanks for the answer so far, hope I am not getting on everybodys nerves here... First, are you absolutely certain that you do *not* want to merge this file? Copying a file from a branch to a trunk is an unusual action. I am not completely sure, but this is what happened: Not understanding branches as well as I should, I created two branches, VER_1-bt and VER_2-bt. VER_2-bt is to be stuff for the next release, at some point, I would like to merge that, but not now. I continued to work not in the head (because I misunderstood branches and stuff), but in VER_1-bt. So what I have in VER_1-bt is, de facto, the current, QA'ed, released and shipping version. (A copy of it also resides somewhere else on my disk.). What's in the head is pretty irrelevant to me at this point (The VER_2-bt branch is a different matter, but it does not get touched here) To me, it looks like I want to replace the head version, especially as cvs complains about each and every $Revision$ keyword. Of course they differ, but can't vim handle that when I do a merge? If not, which revision number should I keep in the file? Or throw them out altogether? I would appreciate any further hints you have. I will read the documentation on the commands, and I have read the Cederqvist. But links to other tutorials would be appreciated. Thanks Alex Am 20.01.2004 um 17:19 schrieb Jim.Hyslop: Alexander von Below [mailto:[EMAIL PROTECTED] wrote: this may be a newbie Q, so I apologize, but my reading of the Cederqvist did not help me... I got a modified copy of my source back. Now I want to replace me head revision with this code. As I had troubles understanding versioning, my current code is in the branch VER_1-bt. I have (manually) updated this branch to the new source. First, are you absolutely certain that you do *not* want to merge this file? Copying a file from a branch to a trunk is an unusual action. cvs update -A filename cvs update -p -r VER_1-bt filename filename should do it. Make sure you understand what the above commands do before you use them. -- Jim Hyslop Senior Software Designer Leitch Technology International Inc. (http://www.leitch.com/) Columnist, C/C++ Users Journal (http://www.cuj.com/experts) ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
On Tue, 20 Jan 2004 14:08:45 -0500 (EST), Greg A. Woods [EMAIL PROTECTED] wrote: [ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ] Subject: Re: what's to stop a developer from nuking the repository? I think that's still overstating the case. If you run CVS on a network where you can trust people enough that you're confortable running telnet or rlogin, then pserver is fine. Telnet and rlogin and similar still provide on heck of a lot more accountability (over a trusted network) than pserver could ever possibly do. Is there more than one way to run Pserver? All my pserver users have accounts on the unix box (err unix network) and they have to suplly a username and password to cvs login (most of them are wincvs users). how does this not give the same accountability as telnet or rlogin? everything they do has their username/group on it (commits adds etc) Maybe I missed the boat somewhere, but I don't get how this is different than if they werre on the box using local cvs commands and no pserver connection. If you have a trusted network and you do feel comfortable with telnet and rlogin then USE THEM -- DO NOT USE PSERVER. -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS server running on NT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sam Talebbeik [EMAIL PROTECTED] writes: I need to install CVS on an NT box. According to the FAQ page on cvshome.com the NT version of the CVS server is available at http://www.cvsnt.org/ . I have a few questions and I hope someone can help me answer them. 1) I have worked with Apache and all versions of the Apache can be obtrained from a single web site. Why is the CVS on NT offered through a different web site? Because it is a port to NT which does a very good job of working within the NT framework including a very nice GUI. There is a Windows client version of cvs (a command-line cvs.exe) available, but most of the cvshome.org developers do not spend much time doing anything with windows. If you need or want a server for NT, then you will want to use the CvsNT.org version of NT. Are these folks the same team or a different development team than the cvshome.com ? No, they are a different team. 2) Is CVS NT from cvsnt.org a subset,a superset, or a very different version of the CVS offered on Linux and Unix ? The CvsNT.org version of cvs interoperates with the cvshome.org version of cvs. The cvsnt.org folks have a few extensions that are not (yet) supported on cvshome.org and are missing a few that have recently been added. 3) Is the email list [EMAIL PROTECTED] dedicated to mostly CVS on Linux/Unix ? Well, some questions get answered for both versions on the [EMAIL PROTECTED] those that deal with the intersection of features between the two versions could be answered by either group. I noticed that the cvsnt.org folks have their own separate email list. Yes, I believe that is a 'better' place to ask your NT specific questions. -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFADc903x41pRYZE/gRAujjAKCFepyGBCCD5fuRX3foFY9ySrQgMQCgpY7h Zwr72QOt5LpuRPLiHw/id4g= =RVAQ -END PGP SIGNATURE- ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: what's to stop a developer from nuking the repository?
[ On Tuesday, January 20, 2004 at 14:18:53 (-0500), Larry Jones wrote: ] Subject: Re: what's to stop a developer from nuking the repository? Greg A. Woods writes: Telnet and rlogin and similar still provide on heck of a lot more accountability (over a trusted network) than pserver could ever possibly do. I disagree. Well you're free do disagree of course, but you are _very_ wrong. Rsh (and telnet, though one can't use telnet as-is for CVS) provide almost infinitely more accountability (over a trusted network) than CVS with pserver alone could ever possibly manage. If this isn't self-obvious to you then you really need to study basic trusted computing and how it's been applied and realized (to the extent that it can be realized) in the traditional Unix environment. (oh, and of course I mean to imply that this comparison is with normal Unix-like hosts as both client and server) (keep in mind that RSH can be trivially used with even more trust over a host-based IPsec VPN too) -- Greg A. Woods +1 416 218-0098 VE3TCPRoboHack [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED] Secrets of the Weird [EMAIL PROTECTED] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs