Keith Refson writes: > > I suspect this attitude may be born of an ignorance of how > SSH works and what it is capable of.
On the contrary, I know quite well what SSH is capable of. But people do run CVS without using SSH, you know, and the environment is normally under the control of the *user*. Sure, if you happen to be running it from a correctly-configured SSH you can control the environment (at least partially), but CVS doesn't have any way to know whether it's being run that way or not. If it's not, then trusting the environment would let anyone commit as anyone else without requiring any authorization whatsoever. You can complain that pserver's authorization isn't very secure, but at least it exists. -Larry Jones I always send Grandma a thank-you note right away. ...Ever since she sent me that empty box with the sarcastic note saying she was just checking to see if the Postal Service was still working. -- Calvin _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
