Noel L Yap wrote:
> And hence my point that developers must be trusted. In fact, this is a basic
> philosophy of CVS.
I trust myself and yet I don't sleep well if I'm not making nightly tape backups.
Also, if one of my developer's passwords is compromised, we'll say without his
knowledge for point of example, the damage might be more limited if the attacker
can only access one developer's account. I am also a step closer to figuring out
how security was compromised if I can trace the access to a particular user's
account.
Why are you riding the connection on SSH in the first place if you are so
trusting? Why not just use pserver and the functionality already present in the
current version?
I also notice you neglected to respond to the point about user names no longer
being guaranteed to be unique. Do you think this an inconsequential issue?
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] OpenAvenue ( http://OpenAvenue.com )
--
I am not a dentist.
I am not a dentist.
I am not a dentist...
- Bart Simpson on chalkboard, _The Simpsons_
