[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Installtion and CVS

> On Mon, Feb 28, 2000 at 11:18:12PM +0100, JF Martinez wrote:
> > I promised to put the isntallation on CVS, however there are security
> > problems with this given that normal CVS transmits unencrypted
> > password so I fear we will have to content ourselves with something
> > more centralized ie periodic releases with people sending me patches.
> You have two options. First of all, you can do the old way of setting up a
> cvs repository: go into /home/indy/ on cran, and do a cvs init. Then
> you can set your CVSROOT to :ext:foo@cvs.seul.org:/home/indy/... and
> your CVS_RSH to ssh, and work from there. All of that should be detailed in
> the cvs/ssh howto off our www.seul.org/dev/ page. This has full
> authentication and full encryption.
> The better approach is to put your tarball in your /home/indy/ directory
> on cran, and then send Ales mail (ahvezda@seul.org) telling him about it.
> >From there, he will enter your code as the distrib/indy module in our
> pserver cvs repository. From there, people will be able to do anonymous
> checkouts, and you can add new people easily (with the first option, each

That feels better.

> new person needs an account on cran -- which we can do, but might be
> overkill). Along with your source tarball, he will want a list of people
> who should be able to do writes to the repository: for each person, he needs
> a username and a crypted password. It is true that this approach doesn't
> have much authorization (and no encryption), but the risk we're taking is
> pretty small since these aren't "real" accounts.

Well my concern is about the installation being updated by an
unauthorized person.  Presently we also have the problem of
authentifying persons (not userids).  It is presently impossible to
have a trusted group member meeting face to face a new member in order
to get credentials.

Ans speaking of face to face encounters are you finally coming to
Bordeaux for the 'Journees du Libre'?

			Jean Francois Martinez

Project Independence: Linux for the Masses