cvs security - ssh vs pserver?
i'd like to make some code available to collaborators via cvs. it appears
that i have a choice to make:
1. use pserver
2. use "ext" (ssh)
i just found out that using method 2, you can't assign a shell of /bin/false.
cvs won't work. so option 2 also means "giving a shell account on my
machine".
both these options seem insecure. i have to admit, i'm really not crazy
about giving out shell accounts.
any thoughts? is pserver really as insecure as dpkg claims in the
configuration of the package?
pete
--
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
PGP Public Key: finger p@dirac.org
Reply to: