"Greg A. Woods" wrote:
> The problem is that I see it as if you're trying to say that CVS Pserver
> plus SSL equals secure. It most certainly does not. You have no
> provable authentication and thus no provable accountability.
Not on the server side, but it prevents sniffing. Server certificate checking can
prove to the client that it got the correct server and this can prevent the user from
sending her password to an imposter.
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] CollabNet ( http://collab.net )
--
"My father often told me,
We have servants and machines
in order that our will may be carried out
beyond the reach of our own arms.
Machines are more powerful than servants
and more obedient and less rebellious,
but machines have no judgement
and will not remonstrate with us
when our will is foolish,
and will not disobey us
when our will is evil.
In times and places where people despise the gods,
those most in need of servants have machines,
or choose servants who will behave like machines.
I believe this will continue
until the gods stop laughing."
-Orson Scott Card, "Children of the Mind"
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
