--On Sunday, March 14, 2004 11:18 PM -0600 "William A. Rowe, Jr." <[EMAIL PROTECTED]> wrote:
as the GNU, ASF, and SF projects all discovered, full backups by third
parties are invaluable. What is the equivalent to rsync, and is it as stable?
I think you mean cvsup not rsync. We're currently creating incremental dumps on every commit. Those can be digitally signed and rsync'd off-site. This is far more secure and auditable than any CVS-based solution
It is? How? Unless the committer signs (which ISTR was rejected as an option when I suggested it, so I'm assuming that doesn't happen), then they must be signed by the server - a successful attacker can therefore sign his modifications, too. Or am I missing something? (I don't use subversion yet, so forgive me if the answer is obvious).
- and is in fact, one reason why the ASF [EMAIL PROTECTED] and the board want to get off CVS.
It is news to me that the board have expressed this view.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
