[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: to stop commit
From: |
Julian Opificius |
Subject: |
Re: to stop commit |
Date: |
Fri, 19 Aug 2005 10:39:44 -0500 |
User-agent: |
Mozilla Thunderbird 1.0.6 (Windows/20050716) |
Schrum, Allan (Allan) wrote:
I concur. Mark's setup is nearly a mirror of ours. We have multiple
repositories that need controlled access. While UNIX group permissions could
address this at a gross level, it does not offer the same level of control
that readers / writers offers (the primary reason for using :pserver:
access).
In our environment, the repositories are owned by the "cvs" user so that the
users of CVS do not have direct access to the files. This was to avoid the
obvious temptation for people to directly change (or is it fix?) the
repository as well as avoid silly accidents caused by "rm".
Exactly !!!
The :pserver:
mode provides a layer if disconnection from the repository that requires the
users to use the CVS tool. This abstraction helps preserve the integrity of
the repository as well as offering great flexibility.
If the failing of :pserver: is its security, then maybe we need a
:sshpserver: mode?
I get that, effectively, by using ssh with WinCVS and PuTTY, so the
target in my CVSROOT is always "localhost", whether I'm in the office or
at my kitchen table. I am no wizard, and I fail to see what is missing
in terms of security with that method. My security situation here is
that anyone granted a shell login & pserver account can be trusted to
not be malicious, but can not be trusted to not make "sub-optimal
choices" and "fix" things.
If I'm not getting the Internet security I think I'm getting with ssh,
then somebody please tell me.
If we can get the advantages of pserver and ssh by tunnelling one
through the other, then the problem is solved, and I think we're just
getting wrapped around the axle of academic idealism in criticizing
:pserver:.
julian.
- Re: to stop commit, (continued)
- Re: to stop commit, Julian Opificius, 2005/08/18
- Re: to stop commit, Mark O'Brien, 2005/08/19
- Message not available
- Re: to stop commit, Pierre Asselin, 2005/08/18
- Re: to stop commit, Mark D. Baushke, 2005/08/18
- Message not available
- Re: to stop commit, Pierre Asselin, 2005/08/19
- Re: to stop commit, Mark D. Baushke, 2005/08/19
RE: to stop commit, Schrum, Allan (Allan), 2005/08/19
Re: to stop commit,
Julian Opificius <=