Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked

Re: Re: [OT] Advanced CVS usage

by drewbie (Chaplain)
on May 29, 2003 at 19:35 UTC ( #261662=note: print w/replies, xml ) Need Help??

in reply to Re: [OT] Advanced CVS usage
in thread [OT] Advanced CVS usage

I did look at Subversion as part of this project, and I've heard lots of good things about it. It certainly has some features I'd love to have (atomic commits & easy renaming come to mind). But it seems more complex to install than CVS, and we already have a working CVS installation & are familiar with it. I also am not crazy about the fact that it requires a webserver (Apache 2 at that IIRC). We are using mod_perl w/ Apache 1.3 and I'm not very interested in adding a 3rd server into the mix.

Subversion is definitely something I'll keep my eye on for the future. But I don't think it's the answer for right now, at least at work.

Replies are listed 'Best First'.
Re: Re: Re: [OT] Advanced CVS usage
by autarch (Hermit) on May 30, 2003 at 04:08 UTC
    Subversion has its own server now that can run over an ssh connection. It's just called svnserve.

      Now that you mentioned it, I do remember reading in an FAQ about the SSH option... Hmmm, subversion is looking better & better. I printed off Chapters 1-6 of the Subversion book yesterday & will look over it this weekend.

      Any gotchas I should be on the lookout for if we switch to subversion?

      ..which again suffers from a larger security hole than a properly-scoped ACL that does not require local user accounts.

      As far as I know, without a SERIOUSLY locked down chroot (i.e. no logins allowed whatsoever), you can't let non-local users use ssh. You need to create a local account for them on the physical box (or LDAP, or whatever you use). This opens a potential hole in your security, pending someone exploiting the client machine or network (which, as you know, you can never trust or validate).

      If someone has a trusted account on your box(es), they can always try "Exploit-of-the-week" to try to gain root or consume unnecessary resources of the machine proper. These can be controlled with limits(5) and chroot(8), but those too, require considerations of their own.

      With a system using ACLs, and no local user accounts, you can be sure that even if the user's machine, network, or password were somehow sniffed or exploited in some way as to compromise their access to their repository, it does not compromise your server running those repositories.

      Requiring a local account, ssh, cvs, login, or otherwise, is always going to be less secure than a system that works without the use of that constraint. See and for more information on these issues.

      Subversion is definately a contender for personal repositories, and public repositories where absolute security is not an issue, but those should be determined by the administrator who needs to install, maintain, and manage those repositories.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://261662]
and one hand claps...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (2)
As of 2017-04-28 03:13 GMT
Find Nodes?
    Voting Booth?
    I'm a fool:

    Results (517 votes). Check out past polls.