[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: introducing myself...

From: Martin v. L÷wis <martin_at_v.loewis.de>
Date: 2003-06-20 20:12:44 CEST

Bob Aiello <clearcaseguru@optonline.net> writes:

> oh by the way I wrote about these issues in this months edition
> of CM Crossroads (www.cmcrossroads.com).

Very interesting. However, I feel that the terminology in this article
is confusing: protection from failures and protection against attacks
are completely indepedent issues, and I think only one of them should
be called "security" (i.e. the protection against attacks). The other
is better called "safety" (as in "safety belt" - not "security belt").

While I can agree that CVS lacks safety (e.g. no fault tolerance, real
risks of corrupted databases), I fail to see why you consider it
insecure. E.g. when used over ssh, CVS provides strong
authentication. As a revision control system, it supports auditing by
nature. There are some operations that are not audited, but it would
be easy enough to disable them altogether without loss of usability.

About the only thing it does not provide is non-repudation.

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 20 20:13:50 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.