[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    Re: developer.kde.org/source
From:       Will Andrews <will () csociety ! org>
Date:       2004-06-13 20:35:15
Message-ID: 20040613203515.GL99784 () sirius ! firepipe ! net
[Download RAW message or body]


On Sun, Jun 13, 2004 at 09:47:09PM +0200, Dirk Mueller wrote:
> Maybe I'm slightly uninformed, but none of the recent vulnerabilities in CVS 
> was caused by pserver protocol. all of them were in the server part, so cvs 
> over ssh is affected as well. 

You're right.  Nonetheless, there have been many pserver-only
holes in the past.  Of course, I just used the recent ones as an
excuse to switch.

> CVS_RSH=ssh is only default on very recent 1.12.x versions, which are not in 
> widespread use afaik. 

Strange, it's worked for me for quite a while.

-- 
wca

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]