Re: CVS & SSL

[Derek R. Price]

"Greg A. Woods" wrote:

> I am most definitely not limiting CVS to any security model!  I am
> arguing vehemently for total elimination of any *and* all security
> models from *within* CVS.  CVS has no business even suggesting an
> appropriate security model for anyone -- in a client/server
> implementation it need only make use of *any* external tool capable of
> connecting it to an instance of itself acting as a server on some other
> machine.

Well, there _is_ a basis of at least suggesting models in the docs.  I know
that when I was a novice user I much preferred, "well, this'll get you up
and running if you need it", with appropriate warnings to directions like,
"go learn Kerberos" and talk to us later.


> Furthermore CVS has no need to include any built-in security model or
> even any built-in communications support, not on any modern platform!

Keep in mind that I view pserver as more of a logging aid that can double as
a simple, if possibly dangerous, security implementation if necessary.  I've
never been one for making it impossible for a user to shoot themselves in
the foot as long as the appropriate warnings were present.  I'm just not so
egotistical as to think that I'm going to understand every one of their
problems and I think the flexibility left in many *NIX programs has enabled
their use for many probably unforeseen purposes.

As for excluding communications support, well, it's there, at least, for
user-side simplicity's sake.  Not everybody has a copy of tcpserver lying
around yet.  Especially not on Windoze, I'm guessing.  And opening a simple
TCP socket is fairly simple nowadays, even from inside a program.


> You're free to use any external remote job execution tool that meets
> your own security requirements.  If it's as simple as 'nc' and 'nc -I'
> then that's your business.  If you want to use rsh in the clear then
> that's your business to.  If you choose to use SSH, or stunnel, or any
> of the above in combination with a VPN then that's fine too.  You should
> feel free to run your CVS server on a single-user operating system if
> you want.  Issues of security should remain totally orthogonal to CVS
> (and indeed should be deemed inappropriate for this very forum!).

Well, yeah.  I think this discussion started about the generic socket
provider hook I provided, initially with the idea that it would be useful
with an SSL provider.  This leaves CVS room to use authenticating and
non-authenticating channel providers now - a non-authenticating provider
(one which doesn't have/provide a useful user ID on the server) will use the
old authentication server, at the least for logging purposes.  If the
administrator desires something more secure, she can work that out for
herself - the hooks are there.

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden         CollabNet ( http://collab.net )
--
We have plenty of youth, how about a fountain of smart?