Bugtraq mailing list archives
Re: CVS woes: .cvspass
From: Tilman Schmidt <Tilman.Schmidt () ePost de>
Date: Fri, 06 Aug 2004 10:29:36 +0200
Greg A. Woods schrieb in <bugtraq () SecurityFocus com>:
[ On Thursday, August 5, 2004 at 12:52:10 (+0300), Delian Krustev wrote: ]There's a site outhere. It's sf.net . They demonstrate, with the number of projects being hosted there (with pserver access), You're not right again.
In the scenario you speak of sf.net has no real requirement for accountability -- their offerning using CVSpserver is effectively the same as providing anonymous access. Sf.net doesn't care who the real humans are in this case -- they simply do their best (which isn't always perfect) to keep whole projects from interfering with each other.
In fact, you are even more right than you seem to think. Sf.net's pserver access is actually anonymous and read-only. Project data in the SF repository is considered public, and open to anonymous read access anyway. Their pserver access doesn't add anything to that.
Meanwhile, IIUC, sf.net does also offer secure SSH access to systems hosting CVS repositories and they use true system identities for eash SSH account, and presumably with this offering there's normally one (or maybe more) unique system accounts for every real human using this
That is so, and SSH access, with a system identity that is a member of the project's development team, is required for committing changes to a project repository.
service, though of course the responsibility of verifying the uniqueness of system identities will be on the shoulders of the CVS project admins, and perhaps not on sf.net themselves.
Indeed. The registration form asks you to enter a real name, and a valid E-mail address which is verified by a confirmation E-mail, but there is no verification beyond that. -- Tilman Schmidt E-Mail: Tilman.Schmidt () ePost de Bonn, Germany Diese Nachricht besteht zu 100% aus wiederverwerteten Bits. Ungeöffnet mindestens haltbar bis: (siehe Rückseite)
Current thread:
- Re: CVS woes: .cvspass Greg A. Woods (Aug 04)
- Re: CVS woes: .cvspass Delian Krustev (Aug 05)
- Re: CVS woes: .cvspass Greg A. Woods (Aug 05)
- Re: CVS woes: .cvspass Delian Krustev (Aug 06)
- Re: CVS woes: .cvspass Greg A. Woods (Aug 07)
- Re: CVS woes: .cvspass Tilman Schmidt (Aug 06)
- Re: CVS woes: .cvspass Greg A. Woods (Aug 05)
- Re: CVS woes: .cvspass Andy Dustman (Aug 06)
- Re: CVS woes: .cvspass Delian Krustev (Aug 05)
- Re: CVS woes: .cvspass Robin Rosenberg (Aug 07)
- Re: CVS woes: .cvspass Robin Rosenberg (Aug 07)