Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Mark Harrison]

----- Original Message ----- 
From: Greg A. Woods <[EMAIL PROTECTED]>
> The people who use it
> now use it only because it is there and they don't know any better not
> to use it or they're too lazy/bull-headed to change now that they do
> know.

Or because it works quite well for our needs.  You're welcome
to mount an attack.  The IP address is 10.1.42.3. ;-)

> Nobody in their right mind, i.e. nobody who has even an ounce of
> understanding of computer security, would ever want to avoid using real
> system IDs for commit access.

Greg, you should read the cost model recently written about by
Bruce Schneider (sp?).  It will fill in a few shades of gray in
your black/white view of security.

Now calm down!  You were making some sensible contributions before
you went crazy.  I think it was around "your mail agent should be
able to handle it..." that things started going awry.  OK???

Cheers,
Mark.