[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs-1.11.7 seems to have changed the api for "release"

From: Ed Avis
Subject: Re: cvs-1.11.7 seems to have changed the api for "release"
Date: 04 Oct 2003 00:53:43 +0100

Derek Robert Price <address@hidden> writes:

>~From the NEWS file:
>| Changes from 1.11.6 to 1.11.7:
>. . .
>| * The global '-l' option, which suppressed history logging, has been
>| removed from both client and server.
>I suppose it could have noted that this was for security reasons.
>Only the administrator is deemed to be allowed to decide what
>commands to log or not to log.

I fail to see how this is any improvement in security in the case
where you're accessing a local filesystem; if you have write access to
the CVS repository then you can change what's in the log, and if you
have read access to the repository then you can get the sources
without logging.

It does make some sense in the client/server case, although I'd have
preferred to see -l made a configurable option for the server.

Ed Avis <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]