Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Justin Wells]

On Wed, Aug 09, 2000 at 02:12:50PM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
> If you grant trust to an untrustworthy party then that's got nothing to
> do with SSH or CVS!

That's your professional software shop training wheels speaking. In the 
real world I don't really know these people all that well and I do have
to prepare for the very real possibility that I might be fooled into 
granting access to an untrustworthy person.

If that doesn't fit into your pretty little security analysis worldview
tough--it's a real, practical, actual problem that I face.

When viewed this way my pserver setup is FAR more secure than your ssh
setup, because my setup limits the risk I face when someone fools me 
into authorizing their access even though they prove to be untrustworthy.

Your schemes inability to cope with this ugly property of real life is
one of the biggest nails in its coffin.

Justin