[16045] in bugtraq
Re: cvs security problem
daemon@ATHENA.MIT.EDU (Brian Behlendorf)
Wed Aug 2 01:48:51 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0008011556130.13797-100000@yez.hyperreal.org>
Date: Tue, 1 Aug 2000 16:04:25 -0700
Reply-To: Brian Behlendorf <brian@COLLAB.NET>
From: Brian Behlendorf <brian@COLLAB.NET>
X-To: sama@AGLORIOSO.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000731081203.B9652@aglorioso.com>
On Mon, 31 Jul 2000 sama@AGLORIOSO.COM wrote:
> On Fri, Jul 28, 2000 at 02:20:42PM -0400, Kev wrote:
> > This has been the case for quite some time. It would be nice if CVS
> > could be made more secure, but it would probably take a lot of work.
> > --
> > Kevin L. Mitchell <klmitch@mit.edu>
>
> Although I don't think it addresses this very problem, you might be
> interested in CVS-nserver (http://alexm.here.ru/cvs-nserver/), a
> rewrite of CVS to make it more modular and secure. I still haven't
> tried it myself, though.
There's another similar open source project in development that, if
implemented right, won't have this security problem, called Subversion
(http://subversion.tigris.org/). There are two full time people working
on it, with an ETA around September, but we could definitely use more
assistance.
Brian
