>[ On Friday, June 15, 2001 at 00:23:14 (-0700), Gianni Mariani wrote: ]
>> Subject: Re: [ANNOUNCE] cvs-nserver 1.11.1.1 released
>>
>> cvs-nserver sounds great.
>>
>> I'd like to see thin kind of authentication support in the base CVS soon.
At 11:04 -0400 6/15/01, Greg A. Woods wrote:
>No, you do not. You do not want to see ANY kind of authentication or
>authorisation support in CVS, EVER.
>
>CVS is NOT a security tool and it was not designed to be secure.
Greg tells you that you do not want what you THINK you want, but he
does not tell you what you SHOULD want (probably because he's tired
of repeating himself). So, what should you want? Here's a short
explanation.
First, a review of one way to run CVS in client/server mode.
CVS client <-------->RSH client<-------->RSH server<-------->CVS server
CVS protocol RSH protocol CVS protocol
Here's a more secure way
CVS client <-------->SSH client<-------->SSH server<-------->CVS server
CVS protocol SSH protocol CVS protocol
Here's what you SHOULD want for authentication/security method XXX
CVS client <-------->XXX client<-------->XXX server<-------->CVS server
CVS protocol XXX protocol CVS protocol
So, all you have to do is to get/buy/create the XXX client/server
pair. You don't have to modify CVS and convince the CVS maintainers
to add your patches to the distribution (good luck!).
Something like this should probably go into the manual because this
is definitely an FAQ. If this were in the manual, then our very own
CVS AI robot guy :-) could reply with a URL to the manual section.
Fred
--
Fred Brehm, Sarnoff Corporation, [EMAIL PROTECTED]
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
