[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Installtion and CVS

To: independence-l@independence.seul.org
Subject: Re: Installtion and CVS
From: JF Martinez <jfm2@club-internet.fr>
Date: Tue, 29 Feb 2000 00:42:03 +0100
Delivery-Date: Mon, 28 Feb 2000 18:42:34 -0500
In-reply-to: <20000228173410.E1194@belegost.mit.edu> (message from RogerDingledine on Mon, 28 Feb 2000 17:34:10 -0500)
References: <200002282218.XAA00900@agnes.bagneux.maison> <20000228173410.E1194@belegost.mit.edu>
Reply-To: independence-l@independence.seul.org
Sender: owner-independence-l@independence.seul.org

> 
> On Mon, Feb 28, 2000 at 11:18:12PM +0100, JF Martinez wrote:
> > I promised to put the isntallation on CVS, however there are security
> > problems with this given that normal CVS transmits unencrypted
> > password so I fear we will have to content ourselves with something
> > more centralized ie periodic releases with people sending me patches.
> 
> You have two options. First of all, you can do the old way of setting up a
> cvs repository: go into /home/indy/ on cran, and do a cvs init. Then
> you can set your CVSROOT to :ext:foo@cvs.seul.org:/home/indy/... and
> your CVS_RSH to ssh, and work from there. All of that should be detailed in
> the cvs/ssh howto off our www.seul.org/dev/ page. This has full
> authentication and full encryption.
> 
> The better approach is to put your tarball in your /home/indy/ directory
> on cran, and then send Ales mail (ahvezda@seul.org) telling him about it.
> >From there, he will enter your code as the distrib/indy module in our
> pserver cvs repository. From there, people will be able to do anonymous
> checkouts, and you can add new people easily (with the first option, each

That feels better.

> new person needs an account on cran -- which we can do, but might be
> overkill). Along with your source tarball, he will want a list of people
> who should be able to do writes to the repository: for each person, he needs
> a username and a crypted password. It is true that this approach doesn't
> have much authorization (and no encryption), but the risk we're taking is
> pretty small since these aren't "real" accounts.
> 

Well my concern is about the installation being updated by an
unauthorized person.  Presently we also have the problem of
authentifying persons (not userids).  It is presently impossible to
have a trusted group member meeting face to face a new member in order
to get credentials.

Ans speaking of face to face encounters are you finally coming to
Bordeaux for the 'Journees du Libre'?

-- 
			Jean Francois Martinez

Project Independence: Linux for the Masses
http://www.independence.seul.org

References:
- Installtion and CVS
  - From: JF Martinez <jfm2@club-internet.fr>
- Re: Installtion and CVS
  - From: Roger Dingledine <arma@mit.edu>

Prev by Date: Re: Installtion and CVS
Next by Date: Re: Installtion and CVS
Prev by thread: Re: Installtion and CVS
Next by thread: Re: Installtion and CVS
Index(es):
- Date
- Thread