Package: cvs Version: 1:1.12.9-13 Severity: important The fact PamAuth is enabled by default looks like a security risk:
When I import a repository from a non-Debian system, configured with SystemAuth=no, I expect CVS not to fall back to the system for authentication. But since PamAuth is enabled by default, and was not available on the non-Debian system (so I am likely not to know about this parameter, which is incidentally rejected by non-Debian versions of CVS), then CVS actually does that fallback. The default value should be the same than SystemAuth; and only if PamAuth is explicitely specified should CVS take its value into account. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]