info-cvs

Re: what's to stop a developer from nuking the repository?


From: Mike Echlin
Subject: Re: what's to stop a developer from nuking the repository?
Date: Tue, 20 Jan 2004 10:58:32 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

address@hidden wrote:

> > Please forgive me if I am mistaken, and in any case I certainly don't want to start a flame war, but am I right in thinking that Greg's opinion does not reflect the majority view?
>
> I can't speak for the majority, but I pretty much agree with Greg.
>
> Quibble time:  *if* you run cvs on a network you're sure is secure
> and everybody on it can be absolutely trusted (to the point where you'd
> be perfectly comfortable giving the root password to anybody who had an
> actual need for it), pserver is usable.  It serves to prevent mistakes.
> It may be slightly easier to set up than rsh, or it may not be.
>
> However, if there is any shadow of doubt, then all pserver gives you
> is anonymous access, since anybody who wants to do anything not directly
> traceable to themselves can easily use somebody else's identity.
>
> Given a valuable code base, and employees, I'd figure that the danger
> of having a disgruntled employee is there, and I'd want to use something
> more traceable than pserver.

90% of security risks are people inside your firewall. Either by accident or by design, the people you work with will cause the most loss of data or files from your repository (mostly by accident). The only real way to protect your repository is by use of secure connections with ssh-tunneling and good backups.




