> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark D. > Baushke > Sent: dimanche 13 f�vrier 2005 09:39 > To: Guus Leeuw jr. > Cc: [email protected] > Subject: Re: FAQ-O-Matic pserver protocol > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Guus Leeuw jr. <[EMAIL PROTECTED]> writes: > > > Hence I am looking at the pserver protocol, so I figured, it is a FAQ. > > Now depending how you interpret FAQ (asked or answered), I was right ;) > > > > It's apparently asked often, but > > https://ccvs.cvshome.org/fom//cache/446.html gives no answer :( > > Search the info-cvs archives and you might have more luck. The short > answer is don't use it. Move along, this is not the protocol you are > looking for...
The "hence" above was indicating that I am writing a passwd command for the pserver stuff, as Jim suggested would be a nice feature... On dev, so far, no hard statement against doing this... If you think, I shouldn't be doing this, please state so, and I'll back out doing more important stuff... > > Can anybody tell me where the doc is? Can't seem to find it in the > > cvs1-12-11 branch... > > For HTML Cederqvist manual for cvs 1.12.11, look here: > https://www.cvshome.org/docs/manual/cvs-1.12.11/cvs.html > > For the client/server protocol, look here: > https://ccvs.cvshome.org/source/browse/ccvs/doc/cvsclient.texi > > You should be able to find a doc/cvsclient.info file and a > doc/cvsclient.ps -- these forms of the document describe both the > pserver framework and protocol (as well as the kserver and server > protocols). If you plan to read the document closely and you actually > care about security, issue ear-plugs to your neighbors so that your > screams will not distrub them too much. OK, thanks ;) > In general, my personal opinion is that the pserver and kserver > protocols should be removed from the cvs sources completely. It is never > secure to run the cvs executable as root which is required to use the > pserver protocol. The cvs sources were never designed with security in > mind and running them as root is idiocy. (Just say no.) You're kidding right? Root is a good user(TM), no? > If you are using pserver, I hope it is on an isolated LAN with lots of > firewalls and does not control any sources you really need to be kept > secure. I also hope that you are making plans to transition away from > pserver usage as fast as possible. I use it since a couple of years on a LAN that has merely an ADSL router listening, and a linux based firewall blocking... in between the LAN and the server is still an SMC Barricade allowing nothing from the outside to create a network session... Guess this is triple secure... I get a lot of probes, but they don't make it through the server... So that should be cool... > Summary: Friends don't let friends deploy cvs pserver configurations... Sure enough... What about the people that do use pserver, and want their users to change their passwords from CVSROOT/passwd? No change today... Not securely, that is. So we might consider implementing it, no? Simply sending a scrambled password over the *LAN* can't hurt too much... For WAN, pserver is quite different ;) Anyways... Development stopped until verdict is received ;) Guus -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005 _______________________________________________ Info-cvs mailing list [email protected] http://lists.gnu.org/mailman/listinfo/info-cvs
