[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: CVS version 1.11.17 vs. 1.11.22
FW: CVS version 1.11.17 vs. 1.11.22
Thu, 28 Sep 2006 11:46:26 +0800
Oh, you mean acls script only works with pserver?
In our environment, we are still using pserver at the moment. But I am
looking at upgrading it to use ssh2 (still not sure on how to do this). Am I
still able to use acls with the ssh2 protocol?
From: address@hidden [mailto:address@hidden On Behalf
Of Mark D. Baushke
Sent: Thursday, September 28, 2006 11:37 AM
Subject: Re: CVS version 1.11.17 vs. 1.11.22
-----BEGIN PGP SIGNED MESSAGE-----
Jacky <address@hidden> wrote:
> Thanks for the steps on upgrading my cvs server. I shall give them a try.
> Actually we are looking at controlling the access to the repository up
> to the branch level.
Sure, but lots of folks using the cvs_acls script do that already.
> Other than acls, based on your experience, is there any other way of
> achieving this?
Yes. Read the cvs_acls.html documentation and look at hte cvs_acls.pl
perl script. It handles branches and other such things on a commit basis.
The only thing that an 'acls' patch might give you would be
checkout-based permissions. If you care about that level of restriction,
then you probably should never even think about using something like
:pserver: which is the only thing that the 'acls' patch might work
toward as the :pserver: protocol is NOT very secure as protocols go.
> Warm Regards,
> Jacky Wong
> -----Original Message-----
> From: address@hidden [mailto:address@hidden On Behalf Of Mark D.
> Sent: Wednesday, September 27, 2006 5:28 PM
> To: Jacky
> Cc: CVS
> Subject: Re: CVS version 1.11.17 vs. 1.11.22
> Jacky <address@hidden> writes:
> > Sorry to intrude the thread,
> > Has anyone come across tutorials on how to upgrade my cvs server? I am
> > using 1.11.17 as well, I need to upgrade to 1.11.22 so that I can use
> > acls.
> The CVS version you have now would work with the cvs_acls.pl script that
> you can get by browsing the sources on savannah.nongnu.org
> http://cvs.savannah.nongnu.org/viewcvs/ccvs/contrib/?root=cvs with
> documentation in the cvs_acls.html file.
> The CVSNT folks have a more native implementation of acls if that is
> what you think you want. You should visit http://www.cvsnt.org/ for more
> details on that fork of the CVS sources.
> To upgrade from cvs 1.11.17 to cvs 1.11.22, do the following:
> 1) download, configure, build, make check, make install
> 2) You may find it desirable to do a 'cvs init' command on your
> repository to create any new default templates and triggers that
> are not present in your current CVSROOT, otherwise there is nothing
> else you need to do.
> If you are considering the cvsacl.sourceforge.net project, that is
> outside of the scope of this mailinglist/newsgroup.
> Fwiw: I have never used those set of patches and I have no idea if they
> work or what changes you might need to make to your CVS repository to
> get them to work. My understanding is that those patches are only useful
> if your conneciton method is :pserver: ... you may wish to search out
> the various postings on :pserver:, but I personally believe it is a
> really bad idea to ever run a :pserver: for any purpose other than as an
> anonymous reader to a mirror of your main repository. Using it to
> control write access to your repository is a really bad idea in our
> current hostile network environment called the Internet. Using it inside
> of a given organization and/or company is foolish as you may as well
> provision a separate account for each member in any case and doing it to
> allow the operating system to authenticate and authorize actions on the
> repository is a safer thing to do than to hack a mostly anonymous system
> mechanism to do things it was never really intended to do.
> Good luck,
> -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (GNU/Linux)
-----END PGP SIGNATURE-----