On Wed, Jul 25, 2001 at 12:48:11AM -0500, Bob Tanner wrote:
> Can I require ssh access for committers?

I have no problem with it.  However, it does make things much more difficult.
For example, I may have to copy all of my CVS SSH keys to the hosts where
I have servers installed...and some of those accounts are shared accounts.

I suspect that several inactive or less SSH/CVS knowledgeable developers may
simply opt not to mess with it.

> But I know the last security
> review we did I brought this up and was told the window developers would hate
> it.

I've tried using CVS/WinCVS/SSH under Windows, and the setup is a royal pain.
But Vanilla does not run under Windows, so I think the point is moot.  If
there are any netrek client software in your repository, then people might

> Comments?

I'm split 50/50 between getting the better security of CVS/SSH and losing
the few occasional developers we have from the added complexity.  In the
end your decision should be based on whether Real-Time can afford the
impact on your business operations if the CVS pserver setup is ever
compromised.  If not, enforce SSH/CVS.


Dave Ahn | ahn at vec.wfubmc.edu | Wake Forest University Baptist Medical Center

When you were born, you cried and the world rejoiced.  Try to live your life
so that when you die, you will rejoice and the world will cry.  -1/2 jj^2