Re: introducing myself...

From: Martin v. Löwis <martin_at_v.loewis.de>
Date: 2003-06-20 20:12:44 CEST

Bob Aiello <clearcaseguru@optonline.net> writes:

> oh by the way I wrote about these issues in this months edition
> of CM Crossroads (www.cmcrossroads.com).

Very interesting. However, I feel that the terminology in this article
is confusing: protection from failures and protection against attacks
are completely indepedent issues, and I think only one of them should
be called "security" (i.e. the protection against attacks). The other
is better called "safety" (as in "safety belt" - not "security belt").

While I can agree that CVS lacks safety (e.g. no fault tolerance, real
risks of corrupted databases), I fail to see why you consider it
insecure. E.g. when used over ssh, CVS provides strong
authentication. As a revision control system, it supports auditing by
nature. There are some operations that are not audited, but it would
be easy enough to disable them altogether without loss of usability.

About the only thing it does not provide is non-repudation.

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 20 20:13:50 2003

This message: [ Message body ]
Next message: Martin v. Löwis: "Re: CM Security - introducing myself..."
Previous message: Ben Collins-Sussman: "Re: Access right question"
In reply to: Bob Aiello: "introducing myself..."
Next in thread: kfogel_at_collab.net: "Re: introducing myself..."
Reply: kfogel_at_collab.net: "Re: introducing myself..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]