Re: to stop commit

[Julian Opificius]

Schrum, Allan (Allan) wrote:
> I concur. Mark's setup is nearly a mirror of ours. We have multiple
> repositories that need controlled access. While UNIX group permissions could
> address this at a gross level, it does not offer the same level of control
> that readers / writers offers (the primary reason for using :pserver:
> access).
>
> In our environment, the repositories are owned by the "cvs" user so that the
> users of CVS do not have direct access to the files. This was to avoid the
> obvious temptation for people to directly change (or is it fix?) the
> repository as well as avoid silly accidents caused by "rm".

Exactly !!!

 The :pserver:
> mode provides a layer if disconnection from the repository that requires the
> users to use the CVS tool. This abstraction helps preserve the integrity of
> the repository as well as offering great flexibility.
>
> If the failing of :pserver: is its security, then maybe we need a
> :sshpserver: mode?

I get that, effectively, by using ssh with WinCVS and PuTTY, so the 
target in my CVSROOT is always "localhost", whether I'm in the office or 
at my kitchen table. I am no wizard, and I fail to see what is missing 
in terms of security with that method. My security situation here is 
that anyone granted a shell login & pserver account can be trusted to 
not be malicious, but can not be trusted to not make "sub-optimal 
choices" and "fix" things.

If I'm not getting the Internet security I think I'm getting with ssh, 
then somebody please tell me.

If we can get the advantages of pserver and ssh by tunnelling one 
through the other, then the problem is solved, and I think we're just 
getting wrapped around the axle of academic idealism in criticizing 
:pserver:.


julian.