Date: Thu, 18 Sep 1997 08:49:54 +0900 From: itojun@itojun.org To: hackers@freebsd.org Subject: Re: cvs pserver mode (summary) Message-ID: <26897.874540194@itojun.csl.sony.co.jp> In-Reply-To: Julian Elischer <julian@whistle.com>'s message of Wed, 17 Sep 1997 09:46:47 -0700. <34200977.446B9B3D@whistle.com> References: <34200977.446B9B3D@whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Many thanks to people sent me the comments about this: >> Thanks very much for the comment (and to Julian), I'll keep myself >> away from pserver. >> My goal is to have a way to publish half-public source code to >> 20 or so people, without giving them an account on my machine. >> (they won't make changes to my repository) >> Options seems to be as follows, but I don't know which is good/bad. >> - cvs pserver (should stay away from this) >> - anonymous cvs + some modification >> (how to set it up? OpenBSD people uses this to keep them in sync) >> - cvsupd + some modification >> (current version has no authentication, it seems) >> - give an account (say, "mygroup") to them and use rsh/ssh >> Please let me know your opinion. Thanks! Summary of the answers is as follows: 1. cvs pserver mode is not good since: - it stores cleartext password in ~/.cvspass - cleartext password will be transmitted over the net 2. cvs pserver mode needs "--allow-root=/cvsroot", which is new option introduced in 1.19.10. 3. make account for people with no login shell, let them use ssh to invoke remote cvs. 4. use cvsup server. 5. anoncvs server in chroot'ed environment. need some modification on cvs, and need to write a wrapper. 6. how about rsync? Finally, I set up cvsup server with IP address check. The security I wanted was to restrict the people who can fetch my repository to small members (20 or so), and the member is known already. (I did not want them to have account on my machine) cvsup server with IP address check (cvsupd.access) seems to be the easiest and sound solution for me. I don't know why but I wasn't able to run pserver successfully. Anyway suggestion was pserver has pitfalls, so I did not used this. Again, I would like to say thank you for wonderful answers. itojun
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26897.874540194>