All: I have an issue of unediting a file that has been committed to the repository from the workspace. I tried to execute the following command:

    cvs unedit "Training in CVS.xls"

But it didn't put the file in "unedit" mode. It stuck in edit. I ran update, and queried the file, but to no avail. The reason I want to put it in an "Unedit" mode is to place a "lock" on the file. And, so long as the file is in "edit" mode it is not allowing me to lock the file?

The environment: Client server configuration with pserver authentication mode. I have CVS 1.10 version on my server.

--- "Greg A. Woods" <[EMAIL PROTECTED]> wrote:
> [ On Friday, December 19, 2003 at 11:18:57 (-0500), Jim.Hyslop wrote: ]
> > Subject: RE: CVS Security Issues
> >
> > Why is this level of security so important? Exactly what are the security
> > attacks you're concerned with?
>
> Exactly the kind which necessitated this recent "(security update)" release.
>
> > Well, clearly pserver is not secure because the password is sent effectively
> > in plain text, allowing anyone with a packet sniffer to retrieve CVS
> > passwords. That's a big no-no on the security level. But this is
> > well-documented in the Cederqvist - as I recall, it says something along the
> > lines of "if you want real security, don't use pserver."
>
> Meanwhile people the world over continue to mis-use pserver.
>
> It's been proven time and time again that we can't stomp out ignorance
> about digital security by documentation alone.
>
> However we can remove features that are 100,000% guaranteed insecure and
> force people to either think a little more to gain the insecurity they
> desire, or maybe at least to get them to follow the herd over to
> using some more secure digital security mechanism that's widely
> available and easy to use.
>
> > So, where am I deluding myself?
>
> If you have any use whatsoever for something like CVS then clearly you
> _must_ also have some need for at least minimal security, whether you
> realize it or not. There's no point to recording revision information
> if anybody can muck with it and there is no accountability whatsoever
> amongst your users. I.e. if you use pserver for anything more than
> totally anonymous access then you really have no security, none, zip,
> zilch, zero, nada, not one bit of security whatsoever. If you don't see
> the conflict here then clearly you are deluding yourself! ;-)
>
> > > I.e. please do not pretend you can gain anything by pretending to make
> > > the CVSROOT/passwd file harder to mess with.
> >
> > That's a good point - as Bruce Schneier, author of "Applied Cryptography"
> > and a computer security expert, is fond of saying: Security is only as good
> > as its weakest link. For pserver, access to the passwd file is not the
> > weakest link by any means. Moving the file to a different location will not
> > significantly improve its inherent insecurity.
>
> Worse. It will cause people to have an increased level of _false_
> security.
>
> BTW, for this discussion Schneier's book "Secrets & Lies: Digital
> Security in a Networked World" is much more apropos. :-)
>
> --
> Greg A. Woods
>
> +1 416 218-0098 VE3TCP RoboHack <[EMAIL PROTECTED]>
> Planix, Inc. <[EMAIL PROTECTED]> Secrets of the Weird <[EMAIL PROTECTED]>
>
> _______________________________________________
> Info-cvs mailing list
> [EMAIL PROTECTED]
> http://mail.gnu.org/mailman/listinfo/info-cvs
