Re: cvs-nserver 1.10.7.1: new direction for CVS-over-network development

2000-06-08 Thread Tony Hoyle 

Alexey Mahotkin wrote:
 It almost cleanly applies to cvs-1.10.8 and, as the matter of fact, the new
 release of cvs-nserver will be against 1.10.8.  The most significant
 modification of original code is the removal of about 600 lines from
 server.c, yet it is still way, way too long.

Ahh...  server.c is the most heavily modified part of cvsnt (Essentially I had to 
rewrite
half of it to use threads rather than forking).   Much fun ahead, methinks...
 
 There is an obvious task to improve server.c by splitting kerberos- and
 GSSAPI-related code from it thus creating cvs-kserver and cvs-gserver.
 There is probably also need to create cvs-sslserver (I have not
 investigated yet whether we could get along with ssl-tunnel'ed server (we
 surely can not get along with ssl-tunneled client as it almost has nothing
 to tunnel)).

For NT you would also need cvs-ntserver.  It might be worth investigating whether
cvs-kserver could be ported to NT too (although the MS documentation on this is worse
than useless).
 
 It seems to me that checkpassword scheme is sub-perfect for NT though I
 could be wrong.  I've tried to research security aspects of NT but has not
 reached considerable results.  And after I learned about your project and
 changed job recently hoping not to see MS in a lifetime no more (though it
 seems like I will have to anyway) I completely relaxed and thought that I'd
 be better off with CVS under UNIX.  Though I will be glad if nserver will
 influence the development of NT-CVS or vice versa.

Under NT you can't do setuid, and you can't check against a pre-encrypted system 
password.  The only
way to validate a password is to attempt a non-interactive login (after which you can 
change you UID
to it).  Of course this means you need the original plain-text password to work, and 
this has security
implications.  There isn't a way around this as far as I can see.  

Tony

-- 

#define QUESTION ((bb) || !(bb)) - Shakespeare

[EMAIL PROTECTED]

Re: cvs-nserver 1.10.7.1: new direction for CVS-over-network development

2000-06-07 Thread olarsac 



As Alexey stated, it could be good to put a clear list of new features required
for a next generation CVS network code.
Here we use CVS every day (yes, even during suny sundays ;) and we are really
happy with it!
But (there is always a 'but') we have some concerns regarding network.
We need something to improve the  transmission of (big) files.
I don't know the intrinsics of CVS but it would be really good if:
- files are transmitted by incremental diffs (like rsync)
- files are transmitted compressed on a per file basis (to avoid trying to
compress kinds of files like jpegs)
- the compression scheme may even extend to repository storage? (but this may be
another topic)
- keep in mind that there are WAN with BIG latency (here 300ms) and round-trips
may kill us. (this is why we choose CVS instead of clearcase... clearcase on a
laging WAN is really a disaster)

I know these topics have already been discussed... but there is really something
to do here.
just my 2c...

 Olivier

Re: cvs-nserver 1.10.7.1: new direction for CVS-over-network development

2000-06-07 Thread Tony Hoyle 

Alexey Mahotkin wrote:
 
 I have finally managed to announce that
 
 http://alexm.here.ru/cvs-nserver/
 
 contains cvs-nserver-1.10.7.1 for couple of weeks already.  cvs-nserver is
 the rewritten and improved :pserver: mode for CVS.

Hmm...  How much of a diff is this from the cvs-1.80.8.tar.gz?  It'd be nice to be 
able to add
this to the NT version.

Tony

-- 

#define QUESTION ((bb) || !(bb)) - Shakespeare

[EMAIL PROTECTED]