[ On Thursday, August 10, 2000 at 22:25:46 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Greg will claim it does "nothing" because it does nothing to improve
> authentication, even though it does a lot to improve your ability to
> recover, and a lot to limit the damage an attack can do.
SSH, properly used, either greatly mitigates or completely eliminates
the risks you think you're avoiding too, so indeed your patch is a
zero-gain feature on something that wasn't ever supposed to be used in a
public (i.e. mutually non-trusting) environment in the first place.
> Also I want to add that my patch does nothing to CVS unless you actually
> specify the --chroot flag, and even then, it does nothing unless you are
> also using pserver (it's an error to use --chroot other than with pserver).
you still don't understand the ethical problem, do you....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
