[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: a few Q's

From: Mark D. Baushke
Subject: Re: a few Q's
Date: Fri, 24 Oct 2003 14:11:20 -0700

Hash: SHA1

Derek Robert Price <address@hidden> writes:

> Mark D. Baushke wrote:
> | It also bothers me that this kind of feature could be used by someone
> | that wanted to checkout trees from a normal repository and not leave a
> | record of it in the history file...
> Good point.  I don't like that either.  Is something stopping people
> from running the server with the -R option? 

A fine idea for a :pserver: server. Not so good for a :ext: server.

I suppose a game using CVS_SERVER to run a script that passes the -R
switch to the real cvs might also work, but could be more confusing to
use... and still open to abuse by a user rather than an administrator.

> Aside from the fact that they would have to have a second cvs server
> on a second port serving their non-read-only repositories?

I suspect that burning another port would probably not be a big hardship
for :pserver: users.

> It seems to me that -R should just be a server side/local switch
> anyhow.  Aside from the security implications,

Well, the security implications are kind of big to ignore...

> why would you want to make your users remember which repositories they
> need to send -R to?

Good point.

> At least a separate port number would only be need to be specified
> once - after that it would be remembered as part of the CVSROOT
> string.

True for :pserver: and maybe :gserver: and painful for :ext:, which is
probably okay as making it available via :pserver: lets the
administrator control how the history file gets updated.

        -- Mark
Version: GnuPG v1.2.3 (FreeBSD)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]