info-cvs

Re: what's to stop a developer from nuking the repository?


From: Greg A. Woods
Subject: Re: what's to stop a developer from nuking the repository?
Date: Tue, 20 Jan 2004 14:06:59 -0500 (EST)

[ On Tuesday, January 20, 2004 at 10:58:32 (-0500), Mike Echlin wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> 90% of security risks are people inside your firewall.

Well, yes, though it depends on your threat models and exactly what
you're doing and how you're doing it.

In any case the biggest problem with pserver is that it precludes the
very possibility of having any real accountability.

There are very basic and fundamental reasons why every user _MUST_ have
a unique "identity" inside a computing system.

While pserver can maintain that uniqueness, it does nothing to prevent
users from forging their identity -- indeed it makes it trivial for
users to forge their identity.  Worse, though, pserver can just as easily
be configured to have no uniqueness of identity (which of course is no
big loss given its other failings, but still...).

> The only real way to protect your repository is by use of secure 
> connections with ssh-tunneling and good backups.

Those are part of the picture -- there's also a whole world of other
things that should be done to maintain a good secure computing
environment.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>
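
Added example, not part of the original post: a small audit of a pserver `CVSROOT/passwd` file (entries of the form `login:crypted-password:system-user`) that reports the "no uniqueness of identity" configuration described above, where several pserver logins map onto one system account. The sample entries and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in CVSROOT/passwd layout (not from a real repository):
#   login:crypted-password:system-user
SAMPLE_PASSWD = """\
alice:Xq1examplehashAA:cvsuser
bob:Yr2examplehashBB:cvsuser
carol:Zs3examplehashCC:carol
dave:Wt4examplehashDD
anon::cvsuser
"""

def parse_passwd(text):
    """Yield (login, crypted_password, run_as) for each non-blank entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        login = fields[0]
        crypted = fields[1] if len(fields) > 1 else ""
        # With no third field, the session runs as the login name itself.
        run_as = fields[2] if len(fields) > 2 and fields[2] else login
        yield login, crypted, run_as

def audit(text):
    """Return (shared, passwordless).

    shared: system account -> sorted pserver logins, listed only when more
            than one login maps to it, so that at the operating-system level
            all of those logins act as the same account.
    passwordless: sorted logins whose password field is empty.
    """
    by_account = defaultdict(list)
    passwordless = []
    for login, crypted, run_as in parse_passwd(text):
        by_account[run_as].append(login)
        if not crypted:
            passwordless.append(login)
    shared = {a: sorted(l) for a, l in by_account.items() if len(l) > 1}
    return shared, sorted(passwordless)

if __name__ == "__main__":
    shared, passwordless = audit(SAMPLE_PASSWD)
    for account, logins in shared.items():
        print(f"system account {account!r} shared by: {', '.join(logins)}")
    for login in passwordless:
        print(f"pserver login {login!r} has an empty password field")
```
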



