> > > > Nick Patavalis wrote:
> > > > It's probably not any better, more like an alternate feature that would be
> handy in certain environments. Personally, I'd rather the repository be
> owned and operated by just one user, and allow the repository administrator
> to be able to grant and revoke permissions and add new projects and project
> groups without having to add any users/groups to the system.
>

I suppose it comes down to how you identify actual users, since the system has to know somehow about who is trying to access a module in order to allow or deny that access. The classic Unix method is to assign each actual user an account on the machine, and this authentication method has been worked on extensively, both to try to improve it and to try and stop people spoofing it. It's about as secure a means as you can get, at least when you use known secure techniques.

Any other method of authentication is going to be easier to fool. CVS's pserver is a case in point: it isn't secure, and if you want strict authentication you should use :ext: with ssh or some such thing. Not only has there been less work done on securing it, but there never will be anywhere near as much work.

If security is an issue, you want to enforce authentication, since no security is perfect and you need to have some sort of audit facility. Therefore, you want as reliable a method of authentication as possible, and I don't know of anything better than Unix user accounts. There's security there, if people use it.

--
Now building a CVS reference site at http://www.thornleyware.com
[EMAIL PROTECTED]
