flaws or bugs in the CVS implementation that pserver users can
trivially forge identities, or do you mean more traditional and
pervasive things like packet sniffing or snagging a peek at someone's
.cvspass file?
--
[EMAIL PROTECTED] (WJCarpenter)PGP 0x91865119
38 95 1B 69 C9 C6 3D 2573 46
?
The client/server spec describes this case. Where the server response
supplies a pathname, it's actually a pair of what most people think
of as pathnames, and there is a linefeed between them. Have a look at
section 5.10 (The pathname in responses).
--
[EMAIL PROTECTED] (WJCarpenter)PGP