Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Greg A. Woods]

[ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> 
> ssh CVS is just as vulnerable though. Just because I gave someone a write
> password doesn't mean that they are going to be trustworthy. Even if I 
> find out who they are--what am I going to do about it? Sue them? What if
> they are outside North America?

Like I said, you don't seem to understand the concepts of trust and
vulnerability as they apply to computer and network security!

Using CVS with SSH is *authorised* use and in normal situations where
all other necessary precautions are also taken it's extremely unlikely
that it can be compromised and used by unauthorised parties!

It's relatively easy to gain unauthorised access to a cvspserver system.

If you grant trust to an untrustworthy party then that's got nothing to
do with SSH or CVS!

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>