Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Justin Wells]

On Wed, Aug 09, 2000 at 08:51:11AM -0400, Noel L Yap wrote:

> >Unless you're talking about recent versions of Linux, FreeBSD, or Solaris
> >I really don't give a damn. Add some documentation warning people of the
> >risk. I don't subscribe to your philosophy that all humans are morons and
> >can't do their own risk analysis. I believe in giving capable people the
> >tools they need to get the job done.
> 
> It has been shown that people opt for convenience rather than
> security and, it's extremely convenient not to read documentation
> about security.

Here is why I don't care:

1) There is no medicine for stupidity. 

2) No matter how many stupid people there are out there, *I* still need
   to get my job done at the end of the day.

I need pserver to be as secure as it can be right up until the moment
when a viable alternative arrives. Which you all assure me is going to
be real soon now, but I can't wait. I've posted the patch. Include it
in pserver and don't rip it out until you rip out pserver.

Justin