First, welcome Bob!
Second, just a gentle reminder (not targeted at Bob, by the way) that
this is the Subversion dev list, not the CVS security list, so please
let's try keep discussions related to Subversion. I realize it's
always a judgement call, so 'nuff said.
Thanks,
-Karl
martin@v.loewis.de (Martin v. Löwis) writes:
> Bob Aiello <clearcaseguru@optonline.net> writes:
> > oh by the way I wrote about these issues in this months edition
> > of CM Crossroads (www.cmcrossroads.com).
>
> Very interesting. However, I feel that the terminology in this article
> is confusing: protection from failures and protection against attacks
> are completely indepedent issues, and I think only one of them should
> be called "security" (i.e. the protection against attacks). The other
> is better called "safety" (as in "safety belt" - not "security belt").
>
> While I can agree that CVS lacks safety (e.g. no fault tolerance, real
> risks of corrupted databases), I fail to see why you consider it
> insecure. E.g. when used over ssh, CVS provides strong
> authentication. As a revision control system, it supports auditing by
> nature. There are some operations that are not audited, but it would
> be easy enough to disable them altogether without loss of usability.
>
> About the only thing it does not provide is non-repudation.
>
> Regards,
> Martin
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 20 20:34:51 2003