BTW, I really do not appreciate your use of a bogus e-mail address, especially when you give no hint as to how a human might concoct a valid e-mail address for contacting you. This forum is primarily
My constraints are oriented to reduce administrative tasks: - no system user on the UNIX server (there is no need for CVS features indeed - only the "log name" should be kept for the author field in
[ On Monday, July 5, 2004 at 12:03:57 (+0200), Yves Martin wrote: ] Why not use SSH? It would be much more secure. Don't do that. The security model used by Unix-like systems (GNU/Linux obviously inc
this is my problem: I have a user account on a linux machine and we can use CVS on it using the ssh protocol for security reasons (ext). This works fine for me and I can log in using my account usern
Hello list, this is my problem: I have a user account on a linux machine and we can use CVS on it using the ssh protocol for security reasons (ext). This works fine for me and I can log in using my a
This is the error that appears after latest (dated June 9) cvs security patch using pserver protocol at cvs add command. All I could find on that topic on the internet was http://lists.gnu.org/archiv
Code reviews are being conducted by interested parties. Most of those parties are not me and I have little information on their current progress. Derek a code audit starting from the date of the root
Pardon me if this is an ignorant question, but is there going to be a code audit starting from the date of the rooting of the server? Hi all, For those who don't know, cvshome.org is currently down b
Hi all, For those who don't know, cvshome.org is currently down because it was hacked, via its CVS server we believe. cvshome.org was used to send an email that contains an exploit for the security v
If all you are wanting to protect is the contents of the $CVSROOT/CVSROOT directory, then I agree, Mark's suggestion is overkill. usually, what I believe, you want can be done with directory permissi
Thanks again Mark. -- Marcelo Carvalho Fernandes Smart Tech Consulting www.smartech.com.br Tel:(55)21-2532-6335 --Mensagem original-- De: address@hidden [mailto:address@hidden nome de Mark D. Baushke
Yup. You probably want to upgrade to the latest version of cvs if you can take the time to do it. I do not believe it is secure to have cvs do any local authentication/authorization or to ever run as
[ On Wednesday, May 5, 2004 at 10:26:24 (+0100), Keith Refson wrote: ] There is no "genuine argument" here whatsoever. There is only very serious and fundamental mis-understanding of the basic premis
I'm making a great efford not to be sarcastic in this response. There's a genuine argument to be made here and I hope that there may be one or two readers who can be convinced by reasonable debate. I
[ On Tuesday, May 4, 2004 at 15:46:50 (-0400), Tim Grotenhuis wrote: ] SSH is TOTALLY _USELESS_ if it's used with a shared account. There is _NO_ security whatsoever with shared accounts, _especially
SSH is: a. secure through encryption ( cleartexting across the net with pserver is inviting disaster) b. through the SSH command="" you can limit users to one command based on the key they are authen
[ someone wrote: ] I just cannot possibly ever even conceive of anyone using a "shared SSH account". The very concept is entirely antithetical to the goals of SSH and computing security in general. Y
Hmmm... I am not sure I have seen that attitude myself, but I may be biased. The current sources have certain limitations and assumptions built into them for normal configurations. However, they are
You can also use $HOME/.ssh/environment on the client side to tunnel environment variables of your choice. I've never tried it myself, I just saw that in the ssh man page. (Your developers would be
I had this same problem with OpenSSH. For $30 I purchased WinSSHD from BitVise - www.bitvise.com . It works great, each CVS transaction is correctly labeled with the user who did it, and Bit Vise has