James Henstridge <[EMAIL PROTECTED]> writes: > Jonathan Blandford wrote: > > >I missed this -- do we actually need hardware for anoncvs? I'm > >wondering if we can just turn on pserver on container or widget. When > >we first set up anoncvs, we had pretty poor bandwidth to the gnome.org > >machines and canvas was underpowered. Things have changed -- we have > >more than enough bandwidth and machine power now. > > > >Tomas, do you have any idea of how much anoncvs traffic we get? Given > >that container is pretty underutilized, should we look into doing this? > >It would have the added advantage of being current, and not lagged. We > >could also do it on window, which has a read-only mounting of > >/cvs/gnome, which would make me feel a bit better about it. > > > > > If you do turn on pserver, you might want to look at the patches that > are being used on freedesktop.org so that the cvs pserver runs > completely unprivileged (it essentially forces the '-R' option). > > This makes sure that anonymous sessions can never leave stale locks > around and limits the possible damage when the next CVS vulnerability is > discovered.
Oh nice! I would also love to update container to RHEL4 and set up an selinux security context here, though that's not going to happen for a little bit. I'll try to track those patches down, though, and give them a look. We should get this going sooner rather than later. Thanks, -Jonathan _______________________________________________ Gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
