
[Cvs-dev] Re: cvs-passwd patch


From: Mark D. Baushke
Subject: [Cvs-dev] Re: cvs-passwd patch
Date: Mon, 25 Sep 2006 10:02:23 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Prasad J Pandit <address@hidden> writes:

> > I have also not yet looked to see if your protocol
> > extension would really be interoperable with the
> > CVSNT protocol or not. Part of this is that I have
> > not yet compiled your code with success.
> 
>    Did you try to compile the patched source? It's available at
> 
> http://www.cdacbangalore.in/~prasad/tools/cvs-1.12.13.tar.bz2
>                        OR
> http://prasad3483.googlepages.com

No, I tried to patch the top-of-tree and compile
that instead. The 1.12.13 code is too stale to be
useful to me.

> > I actually doubt it will work, because you never
> > actually check to see if 'passwd' is a
> > supported_request() or not. Nor do you specify a
> > separate supported_request() option to see if the
> > encryption option is supported or not by the server.
> 
>    I think, you should not face problems, as
> long as you use the same source; I mean, same
> client and server. I've not tested it with any
> other server, or CVSNT, etc. But I've compiled &
> tested it (above source) on FC3, FC5, and
> FreeBSD-6.0 without any hassles at all. Please
> try it.

You have misunderstood my point. I apologize as I
was writing that at a very late hour and I was
perhaps not clear enough on the points...

I do not care if any single version of CVS
interoperates with itself or not (although that is
a minimum requirement). That situation is less
than 1% of the real uses of CVS/CVSNT on the net.

I live in a world where there are many different
versions of CVS clients and servers all trying
to interoperate amongst themselves. 

It is a poor idea to assume any large degree of
homogeneity will ever exist. There can be no
"flag-day" where everyone starts using a new
version of cvs at the same time. Especially when
there is a major fork like CVSNT out there.

Any patches to be seriously considered for CVS
need to be written from the point of view that
there are also many attackers out there who will
try to use CVS as the attack vector as well as
many different client/server combinations that
just have to work without fail. Bugs exist, but we
should not encourage their use by ignoring
fundamental problems which have already been
solved.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)

iD8DBQFFGAueCg7APGsDnFERAkIuAKDZE2XXXaqQ+Odb+a42BM8LyATnFwCeNgPR
D60Wh+UBgmnPn4QNC5evTX8=
=NKIy
-----END PGP SIGNATURE-----
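
The capability check discussed in the message above, as an added example that is not part of the original post and is not CVS source code: a client parses the server's `Valid-requests` response and sends `passwd` only if both the request and a separate encryption capability were advertised. The token `passwd-encrypt`, the function names and the sample responses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample responses (not captured from a real server). */
static const char OLD_SERVER[] = "Valid-requests Root Directory Entry ci co\n";
static const char NEW_SERVER[] = "Valid-requests Root passwd passwd-encrypt ci\n";
#define ENC_TOKEN "passwd-encrypt"  /* hypothetical capability name */

/* True only if `name` is a whole space-separated token in the server's
 * "Valid-requests ..." line; prefixes and malformed lines do not count. */
bool request_supported(const char *valid_line, const char *name)
{
    static const char prefix[] = "Valid-requests ";
    size_t nlen = strlen(name);

    if (nlen == 0 || strncmp(valid_line, prefix, sizeof prefix - 1) != 0)
        return false;                      /* missing or malformed response */

    const char *p = valid_line + sizeof prefix - 1;
    while (*p != '\0') {
        size_t tok = strcspn(p, " \r\n");  /* length of the next token */
        if (tok == nlen && memcmp(p, name, nlen) == 0)
            return true;                   /* exact match, not a prefix */
        p += tok;
        p += strspn(p, " \r\n");           /* skip separators */
    }
    return false;
}

enum passwd_plan { PASSWD_REFUSE, PASSWD_SEND };

/* Refuse rather than guess: an unadvertised request is never sent, and a
 * missing encryption capability never falls back to cleartext. */
enum passwd_plan plan_passwd(const char *valid_line)
{
    if (!request_supported(valid_line, "passwd"))
        return PASSWD_REFUSE;              /* older or different server */
    if (!request_supported(valid_line, ENC_TOKEN))
        return PASSWD_REFUSE;              /* no silent downgrade */
    return PASSWD_SEND;
}

int main(void)
{
    printf("old server: %s\n", plan_passwd(OLD_SERVER) ? "send" : "refuse");
    printf("new server: %s\n", plan_passwd(NEW_SERVER) ? "send" : "refuse");
    return 0;
}
```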



