From: Emmanuel Marty <core@suntech.fr>
  To  : ggi-develop@eskimo.com
  Date: Sat, 13 Feb 1999 23:30:58 +0100

Re: CVS maintainer?

Hi,

> > Hope Berlin development is going well :)
> 
> sluggish but coming along. I personally don't know enough to carry it while
> everyone is tending to other needs, but development will pick up again soon
> enough ;)

Ah, good. I was curious, as I saw a couple announcements but no
updates on the website.

> currently berlin's repo is set up similarly. one account. We're using the
> rsh method (with rsh=ssh) which requires one system acct per cvs acct. Do
> you know of any way to set up multiple rw accts using a strong encryption
> mechanism such as ssh or ssl? I mean, without needing one system acct per
> cvs acct?
>         I'm examining this b/c it's just hard right now to tell who is doing
> what, unless they follow a specified log format. Not exactly a major need,
> but I was just seeing if I could figure it out ;)

I don't get this bit. How many actual system accounts you have makes no
difference, cvs still stores the changes made on a cvs account basis. All
GGI developers share the same system account but still you can see their
individual changes (cf. http://degas.ggi-project.org :)

> I'd like to know how secure the password method is... Are the passwords
> crypt()ed at the cvs server's end? if so, you're transmitting passwords
> cleartext. If they are crypt()ed locally, the possibility for trojan is
> hanging right out..

Well, the passwords are stored locally in a way that can be reversed so
they are transmitted to the server. ie. anyone who knows the algorithm
and has access to your .cvspass can figure them out, so it's not secure
at all. IIRC they are even transmitted cleartext to the server when
you use the pserver method.

>         Perhaps there's a way to bottle everything up inside a ssh session,
> or a tcp stream that's transparently encrypted via SSL. I know
> someone that I think is looking into the latter.

It is probably possible to use ssh to remotely execute cvs inside the
encrypted tunnel, yes.

>         Yes, berlin used to use pserver. But graydon felt insecure using it,
> so we switched. I personally agreed completely with that move ;)

Well, if someone steals a ggi developer password and starts committing
altered files, the changes can be removed without much trouble - cvs does
that automatically. The cvs passwords don't map to actual system accounts
at all, and there is no way to get a shell to degas (the master cvs
repository) from outside suntech offices at all; so it's a controlled
risk. Granted, if I find a more secure method that doesn't mean more
trouble for our developers, I'll gladly switch to it.

For Berlin, you should probably have a look into the Kerberos
method supported by cvs. kserver or something. There is extensive
documentation about that in the cvs tutorials.

--
Emmanuel