[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    Re: developer.kde.org/source
From:       Dirk Mueller <mueller () kde ! org>
Date:       2004-06-13 19:47:09
Message-ID: 200406132147.09017.mueller () kde ! org
[Download RAW message or body]

On Sunday 13 June 2004 21:39, Will Andrews wrote:

> > which kind of security problem are you fixing by providing *anon* cvs
> > over SSH ? 
> No more pserver vulnerabilities.

Maybe I'm slightly uninformed, but none of the recent vulnerabilities in CVS 
was caused by pserver protocol. all of them were in the server part, so cvs 
over ssh is affected as well. 

> :ext: not needed, CVS_RSH=ssh default AFAIK, no ssh key needed,

CVS_RSH=ssh is only default on very recent 1.12.x versions, which are not in 
widespread use afaik. 

[prev in list] [next in list] [prev in thread] [next in thread]