Re: [HACKERS] CVSup

Rasmus Lerdorf <rasmus@lerdorf.on.ca>

From: Rasmus Lerdorf <rasmus@lerdorf.on.ca>
To: The Hermit Hacker <scrappy@hub.org>
Cc: hackers@postgreSQL.org
Date: 1998-05-01T11:36:48Z
Lists: pgsql-hackers
> 	When I set things up, I could find no instructions for setting up
> anon-cvs that I felt comfortable implementing from a security
> standpoint...

If you use a semi-recent version of CVS, set the --allow-root restriction
in inetd.conf and create a cvs "passwd" file along with a "writers" file,
then I really don't see where the security problem is.  You are not
creating system-level accounts, and if you do not put the anonymous user
in your "writers" file, then this user will not be able to alter the
repository in any way.

-Rasmus