Mark,
Thanks for your cogent and lucid explanation. You cleared up a lot for me.
Please see in-line comments and questions.
On Sunday 29 February 2004 5:59 pm, Mark D. Baushke wrote:
[EMAIL PROTECTED] writes:
The problem is that the cvs directory is on the same machine as all
the other
[EMAIL PROTECTED] writes:
I have known others to make the cvs executable be set-gid to a 'cvs'
group and for all directories to be owned by a user 'cvs' and group
'cvs' and have 'u=rwx,g=rwxs,o=' (2770) permissions for all directories.
This
On Tuesday 20 January 2004 11:46 am, Andrew Marlow wrote:
Rhodes, Phillip C. [EMAIL PROTECTED] writes:
I am nervous that all my cvs archives are owned by a group that all of
our developers are a member of.
That is, any developer with a unix account (all of them) can nuke the
archives.
[EMAIL PROTECTED] writes:
The problem is that the cvs directory is on the same machine as all
the other server stuff including user's server home directories.
What you describe is a non-optimal setup. Do try to use a dedicated
machine which does
[ On Wednesday, January 21, 2004 at 13:12:05 (-0800), WJCarpenter wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
So, since it's unreliable to read between the lines to try to figure
out what you're saying, is it that there are bugs in the canonical CVS
[ On Tuesday, January 20, 2004 at 14:02:19 (-0600), johnny fulcrum wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
Is there more than one way to run Pserver?
Of course.
All my pserver users have
accounts on the unix box (err unix network) and they have
[ On Tuesday, January 20, 2004 at 15:13:08 (-0600), [EMAIL PROTECTED] wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
The key here is accountability, I think.
Indeed it is! ;-)
pserver has effectively no
accountability, and telnet/rlogin have some (as far as I
[ On Tuesday, January 20, 2004 at 15:13:08 (-0600), [EMAIL PROTECTED] wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
If you have a trusted network and you do feel comfortable with telnet
and rlogin then USE THEM -- DO NOT USE PSERVER.
The logic
gaw CVS is not a security application, was not designed as a security
gaw application, and despite recent hackish patches is not
gaw implemented as a security application. CVS does not provide the
gaw same level of authentication, and not even remotely the same
gaw level of authorization control,
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
have unix command line users use :pserver:
That's really Really REALLY _B_A_D_ advice
There is absolutely _NO_ accountability or any other form of security
On Tuesday, 20 January 2004 09:33, Greg A. Woods wrote:
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
have unix command line users use :pserver:
That's really Really REALLY _B_A_D_ advice
At 04:15 AM 1/20/2004, Andy Jones wrote:
am I right in thinking that Greg's opinion does not reflect the majority
view?
No.
And besides, Greg is one of the resident experts on CVS. Listen to him.
Fred
___
Frederic W. Brehm, Sarnoff
Andy Jones wrote:
On Tuesday, 20 January 2004 09:33, Greg A. Woods wrote:
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
have unix command line users use :pserver:
That's really Really REALLY _B_A_D_ advice
At 04:15 AM 1/20/2004, Andy Jones wrote:
am I right in thinking that Greg's opinion does not reflect the majority view?
No.
And besides, Greg is one of the resident experts on CVS. Listen to him.
I didn't say that his point of view was not valid.
I didn't say that he was wrong.
Please do not
Andy Jones [mailto:[EMAIL PROTECTED] wrote:
At 04:15 AM 1/20/2004, Andy Jones wrote:
am I right in thinking that Greg's opinion does not reflect
the majority view?
It seems to me that the more one learns about computer security, the more
one tends to agree with Greg on this issue.
No.
And
[EMAIL PROTECTED] wrote:
Please forgive me if I am mistaken, and in any case I certainly don't want
to start a flame war, but am I right in thinking that Greg's opinion does
not reflect the majority view?
I can't speak for the majority, but I pretty much agree with Greg.
Quibble time:
[EMAIL PROTECTED] writes:
Quibble time: *if* you run cvs on a network you're sure is secure
and everybody on it can be absolutely trusted (to the point where you'd
be perfectly comfortable giving the root password to anybody who had an
actual need for it), pserver is usable. It serves to
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] wrote:
*if* you run cvs on a network you're sure is secure
and everybody on it can be absolutely trusted (to the point
where you'd
be perfectly comfortable giving the root password to anybody
who had an
actual need for it), pserver is usable.
On Tue, 20 Jan 2004 11:03:38 -0500 (EST), Larry Jones
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] writes:
Quibble time: *if* you run cvs on a network you're sure is secure
and everybody on it can be absolutely trusted (to the point where you'd
be perfectly comfortable giving the root password to
Title: Re: what's to stop a developer from nuking the repository?
You should be making this choice (pserver or not) based on what security you want/need. Realistically this is going to be somewhere between perfection and better_than_I_had_already. Let's face it, if you were using a shared
hacking the CVS server with an axe, then setting fire to the whole
building?
You see, I'm evaluating the advantages and disadvantages of various
version control systems, so I'd like to know how secure CVS is.
:)
___
Info-cvs mailing list
[EMAIL
[ On Tuesday, January 20, 2004 at 10:06:32 (+0100), Claus Henriksen wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
Has anybody made a long wishlist of things to be changed in pserver?
There is only one thing that can be changed: the PSERVER code should
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
I think that's still overstating the case. If you run CVS on a network
where you can trust people enough that you're comfortable running
telnet
[ On Tuesday, January 20, 2004 at 10:58:32 (-0500), Mike Echlin wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
90% of security risks are people inside your firewall.
Well, yes, though it depends on your threat models and exactly what
you're doing and how you're
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
I think that's still overstating the case. If you run CVS on a network
where you can trust people enough that you're comfortable running
telnet
On Tue, 20 Jan 2004 14:08:45 -0500 (EST), Greg A. Woods [EMAIL PROTECTED]
wrote:
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
I think that's still overstating the case. If you run CVS on a network
[ On Tuesday, January 20, 2004 at 14:18:53 (-0500), Larry Jones wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
Greg A. Woods writes:
Telnet and rlogin and similar still provide one heck of a lot more
accountability (over a trusted network) than pserver could