cvs security - ssh vs pserver?

To: Debian user mailing list <debian-user@lists.debian.org>
Subject: cvs security - ssh vs pserver?
From: Peter Jay Salzman <p@dirac.org>
Date: Tue, 27 Nov 2001 01:51:50 -0800
Message-id: <[🔎] 20011127015150.A3681@dirac.org>

i'd like to make some code available to collaborators via cvs.  it appears
that i have a choice to make:

1. use pserver

2. use "ext" (ssh)

i just found out that using method 2, you can't assign a shell of /bin/false.
cvs won't work.   so option 2 also means "giving a shell account on my
machine".

both these options seem insecure.  i have to admit, i'm really not crazy
about giving out shell accounts.

any thoughts?  is pserver really as insecure as dpkg claims in the
configuration of the package?

pete


-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger p@dirac.org

Reply to:

Follow-Ups:
- Re: cvs security - ssh vs pserver?
  - From: Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>
- Re: cvs security - ssh vs pserver?
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: are unstable xfonts packages still broken?
Next by Date: Re: Font problem with xterm
Previous by thread: Re: strange log messages - inetd
Next by thread: Re: cvs security - ssh vs pserver?
Index(es):
- Date
- Thread