Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Justin Wells]

ssh CVS is just as vulnerable though. Just because I gave someone a write
password doesn't mean that they are going to be trustworthy. Even if I 
find out who they are--what am I going to do about it? Sue them? What if
they are outside North America?

Justin


On Wed, Aug 09, 2000 at 10:23:29AM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 00:31:01 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > Wrong. I run a public CVS archive. People are always examining the diffs
> > and would notice right away. Same is true for any free/open software project,
> > you just don't get it, that's all.
> 
> One would hope so, but the proof is in history already that these kinds
> of thing have gone undetected long enough to cause major headaches.
> 
> -- 
>                                                       Greg A. Woods
> 
> +1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
> Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>