[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security setup

From: Walter, Jan
Subject: RE: Security setup
Date: Tue, 17 Dec 2002 18:13:57 +0100

Larry Jones writes:
> Walter, Jan writes:
> > 
> > I think we need to differentiate between "really bullet-proof 
> > security" and "reasonable security" - after all, security is also 
> > there to protect users from themselves, with no malicious intent 
> > required. I would also fathom that this is the cause of most data 
> > loss.
> I agree.  However, I think that CVS's normal configurations 
> are sufficient to provide the latter kind of security and any 
> further efforts to provide more security are misguided and 
> probably a waste of time.  Having the repository owned by a 
> single user, for example, only protects against someone 
> accidentally mucking about with the files there, a situation 
> which I've never heard tell of.  It's easily subverted with 
> only the slightest of malicious intent, so is it really worth 
> doing?  Particularly since doing so removes all traceability, 
> should some have such malicious intent.

Well, the cvs logs still have the user info, like who committed it, etc.
True, it does not sit in the file system, but does it need to?

The reason I set it up here this way was precisely that's _how_ some
developers here got rid of files (instead of a cvs remove). At least now
it's logged.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]