Around 8 o'clock on Nov 19, Keith Whitwell wrote: > Is it foolhardy to continue running anoncvs, especially without the checks & > balances which caught the backdoor attempt in linux?
The pserver running on fd.o has been specially hacked to run as 'nobody' from the very start, unlike most pserver implementations which run as root and setuid to the user specified in the CVS password file. I think this should make it rather difficult to affect any of the repositories on fd.o unless files in those directories are world writable. But, if we want to be extra paranoid, the right solution is to have anoncvs use a separate mirror machine rsynced from the main repository. I'd like to avoid that as it makes anoncvs 'second class' which seems like it will encourage more people to ask for project membership that they otherwise don't really need just to avoid the anoncvs delay. Of course, an even better solution would be to throw CVS in the garbage and use some more robust configuration management system. Sigh. -keith
