RE: Security setup

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security setup

From:	Walter, Jan
Subject:	RE: Security setup
Date:	Tue, 17 Dec 2002 18:13:57 +0100

Larry Jones writes:
> Walter, Jan writes:
> > 
> > I think we need to differentiate between "really bullet-proof 
> > security" and "reasonable security" - after all, security is also 
> > there to protect users from themselves, with no malicious intent 
> > required. I would also fathom that this is the cause of most data 
> > loss.
> 
> I agree.  However, I think that CVS's normal configurations 
> are sufficient to provide the latter kind of security and any 
> further efforts to provide more security are misguided and 
> probably a waste of time.  Having the repository owned by a 
> single user, for example, only protects against someone 
> accidentally mucking about with the files there, a situation 
> which I've never heard tell of.  It's easily subverted with 
> only the slightest of malicious intent, so is it really worth 
> doing?  Particularly since doing so removes all traceability, 
> should some have such malicious intent.

Well, the cvs logs still have the user info, like who committed it, etc.
True, it does not sit in the file system, but does it need to?

The reason I set it up here this way was precisely that's _how_ some
developers here got rid of files (instead of a cvs remove). At least now
it's logged.

Jan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Security setup, (continued)
- Re: Security setup, Noel Yap, 2002/12/17
- RE: Security setup, Walter, Jan, 2002/12/17
  - Re: Security setup, Larry Jones, 2002/12/17
  - RE: Security setup, Greg A. Woods, 2002/12/17
- RE: Security setup, Walter, Jan <=

Prev by Date: Re: Empty val-tags file
Next by Date: RE: Where is diff getting its path?
Previous by thread: RE: Security setup
Next by thread: a list of changed files
Index(es):
- Date
- Thread