I tend to think that each project should have their own repo. This would ease
permissioning into the repo. The alternative would be to use file system ACLs
(if you have those).
The problem with ssh is that it requires a login shell into the server (please
correct me if I'm wrong 'cos I've been looking for a way around this).
The problem with pserver is it's prone to eavesdropping and replay attacks (ie
the encryption is trivial).
I haven't found a good, scalable, secure way to set up CVS.
Noel
[EMAIL PROTECTED] on 05/15/2000 03:10:35 AM
To: [EMAIL PROTECTED]
cc: (bcc: Noel L Yap)
Subject: [New CVS user] Best config?
Hi.
I am absolutely new to setting up CVS. I have used it once though... Linux
platform.
I need your recommendation as to what type of set up is best. Any why.
Here is my scenario:
--------------------
Currently, for one project, 6 developers. Firewalled machine.
| |
<CVS server> | <firewall> | <world>
| |
No one can telnet into my machine from networks that the firewall does not
approve of. Specifically, from dynamic addresses.
I realised that the sys admins managing the firewall have not closed the
ssh port, though. So that means, that is the only way my developers can
reach the CVS server from outside the organisation.
The number of projects and developers are very likely to explode and the
projects are likely to be highly complicated in teh future. Security is a
big concern. A couple of the developers have script-kid friends, for
instance. ;)
So what is your recommendation?
I have RTFMed and thought that pserver would be a fair choice; but
security issues worry me. Would the experienced experts be so kind as to
give their opinions? :))
Thanks a lot.
Cheers!
--Su.
******************************************************************************
Sujatha Natraj Computer Engineering, NUS, Singapore.
SMTP [EMAIL PROTECTED]
HTTP http://www.comp.nus.edu.sg/~sujathan [UPDATED!]
******************************************************************************
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
