[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Unediting a commited file
Unediting a commited file
Mon, 22 Dec 2003 01:51:47 -0800 (PST)
I have an issue of unediting a file that has been
committed to the repository from the workspace. I
tried to execute the following command:
cvs unedit "Training in CVS.xls
But it didn't put the file in "unedit" mode. It stcuk
in edit. I ran update, and queried the file, but to
The reason I want to put it in an "Unedit" mode is to
place a "lock" on the file. And, so long the file is
in "edit" mode it is not allowing me to lock the file?
The environment: Client server vonfiguration with
pserver authontication mode. I habve CVS 1.10 version
on my server.
--- "Greg A. Woods" <address@hidden> wrote:
> [ On Friday, December 19, 2003 at 11:18:57 (-0500),
> Jim.Hyslop wrote: ]
> > Subject: RE: CVS Security Issues
> > Why is this level of security so important?
> Exactly what are the security
> > attacks you're concerned with?
> Exactly the kind which necessesitated this recent
> update)</strong>" release.
> > Well, clearly pserver is not secure because the
> password is sent effectively
> > in plain text, allowing anyone with a packet
> sniffer to retrieve CVS
> > passwords. That's a big no-no on the security
> level. But this is
> > well-documented in the Cederqvist - as I recall,
> it says something along the
> > lines of "if you want real security, don't use
> Meanwhile people the world over continut to mis-use
> It's been proven time and time again that we can't
> stomp out ignorance
> about digital security by documentation alone.
> However we can remove features that are 100,000%
> guaranteed insecure and
> force people to either think a little more to gain
> the insecurity they
> desire, or at maybe at least to get them to follow
> the herd over to
> using some more secure digital security mechanism
> that's widely
> available and easy to use.
> > So, where am I deluding myself?
> If you have any use whatsoever for something like
> CVS then clearly you
> _must_ also have some need for at least minimal
> security, whether you
> realize it or not. There's no point to recording
> revision information
> if anybody can muck with it and there is no
> accountability whatsoever
> amongst your users. I.e. if you use pserver for
> anything more than
> totally anonymous access then you really have no
> security, none, zip,
> zilch, zero, nada, not one bit of security
> whatsoever. If you don't see
> the conflict here then clearly you are deluding
> yourself! ;-)
> > > I.e. please do not pretend you can gain anything
> by pretending to make
> > > the CVSROOT/passwd file harder to mess with.
> > That's a good point - as Bruce Schneier, author of
> "Applied Cryptography"
> > and a computer security expert, is fond of saying:
> Security is only as good
> > as its weakest link. For pserver, access to the
> passwd file is not the
> > weakest link by any means. Moving the file to a
> different location will not
> > significantly improve its inherent insecurity.
> Worse. It will cause people to have an increased
> level of _false_
> BTW, for this discussion Schneier's book "Serets &
> Lies: Digital
> Security in a Networked World" is much more apropos.
> Greg A. Woods
> +1 416 218-0098 VE3TCP
> RoboHack <address@hidden>
> Planix, Inc. <address@hidden> Secrets of
> the Weird <address@hidden>
> Info-cvs mailing list
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard