[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS access control

From: Andrew McGhee
Subject: RE: CVS access control
Date: Thu, 27 Sep 2001 16:09:27 +0100

Is this of use to this argument?

We've found Corey's ACL patches work well for what we want - but we still
don't have a good "encrypted" connection yet to our server (pserver
this allows us to keep the CVS server running as "non-root", and keeps
off the unix machine itself)

I'm keen to hear what is recommended, we where toying with
the idea of SSH tunnelling to a pserver CVS server - if this is
even possible - ?


-----Original Message-----
From: address@hidden [mailto:address@hidden
Sent: 27 September 2001 02:22
To: address@hidden
Subject: Re: CVS access control

[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
> I'd say it would even be better off without password authentication at all
> (and use pserver only where public access is wanted).

Me too!   :-)  [[ PLEASE!!!! ]]

> Sorry for beeing unclear.  pserver and ssh does the authentication (who
> you?).  When I say "access control", I'm thinking of authorization (who
> should be able to do what).  I do think that authentication is out of the
> scope of CVS (ok, pserver _is_ already a part of CVS ... but anyway ...). 

CVS is not a security tool -- it simply manages a bunch of files.  You
do not want to even think about trying to make CVS into a security tool
-- that would be bad design and any implementation would inevitably be
doomed to ultimate failure since it could not, by definition, meet the
design goals.

I.e. CVS has no business doing anything related to access control,
authentication, authorisation, or anything related.

Use your OS to implement security policy and CVS will (have to) honour
your policy -- why make it any more complicated than that, since that's
all that's really necessary.

                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>

Info-cvs mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]