Thread

  1. CVSup

    Maurice Gittens <mgittens@gits.nl> — 1998-05-01T06:36:05Z

    Hi,
    
    I don't understand the problem CVSup is intended to solve given
    that CVS allows remote access to the repository using standard cvs
    commands. Is there a specific reason why we can't/don't have readonly access
    to the postgresql repository?
    
    I think it's neat to be able to use commands like "cvs diff" etc. However
    I really hate it that my changes seem to get overwritten why I using
    CVSup since this doesn't happen when using the "cvs update".
    
    Can anyone explain why this is the way it is?
    
    Thanks, with regards from Maurice.
    
    
    
    
  2. Re: [HACKERS] CVSup

    Brett McCormick <brett@work.chicken.org> — 1998-05-01T06:45:14Z

    This may be the totally wrong place for asking this question, but what
    exactly *is* CVSup?
    
    On Fri, 1 May 1998, at 08:36:05, Maurice Gittens wrote:
    
    > I don't understand the problem CVSup is intended to solve given
    > that CVS allows remote access to the repository using standard cvs
    > commands. Is there a specific reason why we can't/don't have readonly access
    > to the postgresql repository?
    > 
    > I think it's neat to be able to use commands like "cvs diff" etc. However
    > I really hate it that my changes seem to get overwritten why I using
    > CVSup since this doesn't happen when using the "cvs update".
    > 
    > Can anyone explain why this is the way it is?
    > 
    > Thanks, with regards from Maurice.
    > 
    > 
    
    
  3. Re: [HACKERS] CVSup

    Marc G. Fournier <scrappy@hub.org> — 1998-05-01T11:22:00Z

    On Fri, 1 May 1998, Maurice Gittens wrote:
    
    > Hi,
    > 
    > I don't understand the problem CVSup is intended to solve given
    > that CVS allows remote access to the repository using standard cvs
    > commands. Is there a specific reason why we can't/don't have readonly access
    > to the postgresql repository?
    > 
    > I think it's neat to be able to use commands like "cvs diff" etc. However
    > I really hate it that my changes seem to get overwritten why I using
    > CVSup since this doesn't happen when using the "cvs update".
    > 
    > Can anyone explain why this is the way it is?
    
    	When I set things up, I could find no instructions for setting up
    anon-cvs that I felt comfortable implementing from a security
    standpoint...
    
    	If you remove the 'tag=.' part of the CVSup config file, you can
    pull down the complete CVS repository to your machine to manipulate as you
    want to...
    
    
    
    
  4. Re: [HACKERS] CVSup

    Marc G. Fournier <scrappy@hub.org> — 1998-05-01T11:22:20Z

    On Thu, 30 Apr 1998, Brett McCormick wrote:
    
    > 
    > This may be the totally wrong place for asking this question, but what
    > exactly *is* CVSup?
    
    	See ftp.postgresql.org:/pub/CVSup ...
    
    
    > 
    > On Fri, 1 May 1998, at 08:36:05, Maurice Gittens wrote:
    > 
    > > I don't understand the problem CVSup is intended to solve given
    > > that CVS allows remote access to the repository using standard cvs
    > > commands. Is there a specific reason why we can't/don't have readonly access
    > > to the postgresql repository?
    > > 
    > > I think it's neat to be able to use commands like "cvs diff" etc. However
    > > I really hate it that my changes seem to get overwritten why I using
    > > CVSup since this doesn't happen when using the "cvs update".
    > > 
    > > Can anyone explain why this is the way it is?
    > > 
    > > Thanks, with regards from Maurice.
    > > 
    > > 
    > 
    
    
    
  5. Re: [HACKERS] CVSup

    Rasmus Lerdorf <rasmus@lerdorf.on.ca> — 1998-05-01T11:36:48Z

    > 	When I set things up, I could find no instructions for setting up
    > anon-cvs that I felt comfortable implementing from a security
    > standpoint...
    
    If you use a semi-recent version of CVS, set the --allow-root restriction
    in inetd.conf and create a cvs "passwd" file along with a "writers" file,
    then I really don't see where the security problem is.  You are not
    creating system-level accounts, and if you do not put the anonymous user
    in your "writers" file, then this user will not be able to alter the
    repository in any way.
    
    -Rasmus