[ On Wednesday, August 9, 2000 at 14:41:15 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> That's your professional software shop training wheels speaking. In the
> real world I don't really know these people all that well and I do have
> to prepare for the very real possibility that I might be fooled into
> granting access to an untrustworthy person.
Justin you still don't seem to understand "trust" in the computer
security sense!
Just because I trust someone to hack away on some freeware project or
another doesn't mean I'll trust him or her to have a shell on any system
where I keep my private files or whatever. I may not even gran them
authorisation to use any system within my firewall.
That also doesn't mean I'm going to let them login with a password in
the clear, or run as an anonymous user mushed under a single system
user, etc.
Finaly you seem to forget what accountability means in the real world!
> If that doesn't fit into your pretty little security analysis worldview
> tough--it's a real, practical, actual problem that I face.
and there's a very real, very practical, very widely used solution to
your problem -- and all you've got to do to deploy it is to read and
follow a few measily simple little instructions that you've been pointed
at a dozen times or more.
> When viewed this way my pserver setup is FAR more secure than your ssh
> setup, because my setup limits the risk I face when someone fools me
> into authorizing their access even though they prove to be untrustworthy.
You have zero knowledge of my SSH/CVS setup! Don't make claims you
cannot have any understanding of!
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
