Re: CVS & SSL

2001-06-01 Thread Greg A. Woods
[ On Friday, June 1, 2001 at 15:45:16 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > > Huh? All I've seen are patches to CVS, not a proper stand-alone module! > > Perhaps I don't understand. What exactly are you proposing? If you want to use S

Re: CVS & SSL

2001-06-01 Thread Derek R. Price
"Greg A. Woods" wrote: > [ On Friday, June 1, 2001 at 13:59:20 (-0400), Derek R. Price wrote: ] > > Subject: Re: CVS & SSL > > > > "Greg A. Woods" wrote: > > > > > > So build your little "provider" as an external program

Re: CVS & SSL

2001-06-01 Thread Greg A. Woods
[ On Friday, June 1, 2001 at 13:59:20 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > "Greg A. Woods" wrote: > > > > So build your little "provider" as an external program that CVS can call > > and there'll be no problem! (wel

Re: CVS & SSL

2001-06-01 Thread Larry Jones
Greg A. Woods writes: > > My suggestion has *ALWAYS* been to only ever store just unix-format text > files in CVS (even if your repository doesn't currently sit on a proper > unix-like system). How you do that is up to you. My suggested > implementation has (always, iirc) been to do the convers

Re: CVS & SSL

2001-06-01 Thread Greg A. Woods
[ On Saturday, June 2, 2001 at 07:42:50 (+0800), Mark Harrison wrote: ] > Subject: Re: CVS & SSL > > Are you suggesting that we should not rely on our version control system > to generate well-formed text files? No, I'm suggesting that if you have to rely on using non

Re: CVS & SSL

2001-06-01 Thread Derek R. Price
"Greg A. Woods" wrote: > > Well, yeah. I think this discussion started about the generic socket > > provider hook I provided, initially with the idea that it would be useful > > with an SSL provider. This leaves CVS room to use authenticating and > > non-authenticating channel providers now - a

Re: CVS & SSL

2001-06-01 Thread Mark Harrison
From: Greg A. Woods <[EMAIL PROTECTED]> wrote: > I'd suggest looking deeper into what SSH can really do; and also into > better ways of dealing with inter-platform end-of-line issues that don't > rely on your version-control tool to do the translation! Are you suggesting that we should not rely o

Re: CVS & SSL

2001-05-31 Thread Greg A. Woods
[ On Thursday, May 31, 2001 at 08:34:21 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > Well, there _is_ a basis of at least suggesting models in the docs. I know > that when I was a novice user I much preferred, "well, this'll get you up > and

Re: CVS & SSL

2001-05-31 Thread Derek R. Price
"Greg A. Woods" wrote: > I am most definitely not limiting CVS to any security model! I am > arguing vehemently for total elimination of any *and* all security > models from *within* CVS. CVS has no business even suggesting an > appropriate security model for anyone -- in a client/server > impl

RE: CVS & SSL

2001-05-30 Thread Greg A. Woods
[ On Thursday, May 24, 2001 at 14:00:51 (-0500), Thornley, David wrote: ] > Subject: RE: CVS & SSL > > Unless you can provide me with a way to use :ext: that handles different > line-ending conventions properly Use of :ext: and any handling of end-of-line issues is orthogonal. &

Re: CVS & SSL

2001-05-30 Thread Greg A. Woods
[ On Thursday, May 24, 2001 at 15:26:17 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > > Maybe I need to ask for people to help me to produce a new release of > > CVS based on my current private work so that a safe alternative > > implementation is pub

Re: CVS & SSL

2001-05-30 Thread Greg A. Woods
[ On Thursday, May 24, 2001 at 15:26:17 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > By limiting CVS to :ext: you are limiting the choice of security models to those > which provide _shell_accounts_on_the_server_! The socket provider model allows for > any sor

Re: CVS & SSL

2001-05-24 Thread Larry Jones
Thornley, David writes: > > If CVS simply offered only the :ext: method, and a central server was used > by people logging in from Macintoshes, Windows boxes, and Unix boxes, > how would it keep the line-ending conventions straight? With pserver, the > reads on the local files are performed by t

Re: CVS & SSL

2001-05-24 Thread Derek R. Price
"Greg A. Woods" wrote: > [ On Thursday, May 24, 2001 at 08:58:22 (-0400), Derek R. Price wrote: ] > > Subject: Re: CVS & SSL > > > > I don't _want_ to take the trouble to set up a separate SSH tunnel each time. > > And I don't like allocating

Re: CVS & SSL

2001-05-24 Thread Greg A. Woods
[ On Thursday, May 24, 2001 at 08:58:22 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > I don't _want_ to take the trouble to set up a separate SSH tunnel each time. > And I don't like allocating and tracking ports on my local machine for each CVS >

Re: CVS & SSL

2001-05-24 Thread Derek R. Price
And another few notes that might help convince you:

1. This patch makes no changes to the existing server
2. Nobody is required to use pserver
3. pserver isn't required to run as root

Derek -- Derek Price CVS Solutions Architect ( http://CVSHome.org ) mailto:[EMAIL PROTE

Re: CVS & SSL

2001-05-24 Thread Derek R. Price
"Greg A. Woods" wrote: > SSH can work that way too, obviously. I don't _want_ to take the trouble to set up a separate SSH tunnel each time. And I don't like allocating and tracking ports on my local machine for each CVS server I connect to. > setuid too? in CVS? grrr... > > DO NOT DO ANY SEC

Re: CVS & SSL

2001-05-23 Thread Greg A. Woods
[ On Wednesday, May 23, 2001 at 14:39:56 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > I only added code to cvs to exec an external "socket provider" and then run > a pserver connection over that link. Whether that socket provider is > cleartex

Re: CVS & SSL

2001-05-23 Thread Derek R. Price
"Greg A. Woods" wrote: > [ On Wednesday, May 23, 2001 at 10:30:22 (-0400), Derek R. Price wrote: ] > > Subject: Re: CVS & SSL > > > > Yes there is. The connection can no longer be sniffed. Stealing a > > user's password would now require access

Re: CVS & SSL

2001-05-23 Thread Greg A. Woods
[ On Wednesday, May 23, 2001 at 10:30:22 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > Yes there is. The connection can no longer be sniffed. Stealing a > user's password would now require access to the user's machine to read > the .cvspass file

Re: CVS & SSL

2001-05-23 Thread Derek R. Price
"Greg A. Woods" wrote: > [ On Tuesday, May 22, 2001 at 00:44:41 (-0400), Derek R. Price wrote: ] > > Subject: Re: CVS & SSL > > > > > Why does this have to be made so "difficult"? > > > > Writing an RSH wrapper was my first idea.

Re: CVS & SSL

2001-05-22 Thread Greg A. Woods
[ On Tuesday, May 22, 2001 at 00:44:41 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > > Why does this have to be made so "difficult"? > > Writing an RSH wrapper was my first idea. It turned out to be difficult because > CVS expects RSH to hand

Re: CVS & SSL

2001-05-21 Thread Derek R. Price
"Greg A. Woods" wrote: > [ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ] > > Subject: Re: CVS & SSL > > > > P.S. the following script is necessary to use tcpclient with the patch: > > > > [dprice@empress ccvs-ssl]$ cat

Re: CVS & SSL

2001-05-21 Thread Greg A. Woods
[ On Monday, May 21, 2001 at 17:12:11 (-0400), Derek R. Price wrote: ] > Subject: Re: CVS & SSL > > P.S. the following script is necessary to use tcpclient with the patch: > > [dprice@empress ccvs-ssl]$ cat tmp.sh > #! /bin/sh > cat <&6 & > cat >&7 &

Re: CVS & SSL

2001-05-21 Thread Derek R. Price
"Derek R. Price" wrote: > Hmmm come to think of it I never tried sticking tcpclient in in > place of stunnel to test the stunnel bug theory... that may be a good > place to start for anyone who has time. Okay, I take that back. I just tried sticking tcpserver in in place of stunnel and my