On Wednesday, August 9, Justin Wells wrote:
>
> Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
> No.
Again, I ask the WinCVS coders (and MacCVS, etc as well), why is this
state of affairs present? Are there any plans on changing this soon?
> That's a fact. And so long as it's a fact I am going to use pserver. And
> so will other people. And so long as that's true we might as well at least
> make the damn thing as secure as it can be.
Why use a bandaid to "fix" a hemorrhage? Would it not be better to complain,
send a bug report, whatever to the cause of this state of affairs?
> Not to mention trusting the users. I don't trust them. I don't actually
> see ssh as significantly increasing my security because even with maximal
> security between the user and the server, I still don't trust the user.
Then you are screwed. CVS was never meant to be used in this fashion. If you
read the original paper, I believe that it basically says that in a cooperative
environment, CVS works well. If you have a competitive environment, where
users will try to torpedo other projects, then all bets are off.
> You are still thinking inside the professional software development shop
> box where issues like not trusting your users don't come up.
It's the difference between the Unix and VMS philosophy of computing. Do you
have an open system, with policing happening through capping the knees of bad
users by the enraged community at large, or do you have a dictatorship, where
legitimate use by good people is curtailed to the point of suffocation.
--Toby.
