[Sussex] CVS

Steve Dobson steve at dobson.org
Sat Jan 29 09:38:21 UTC 2005


Colin

On Sat, Jan 29, 2005 at 08:49:52AM +0000, Colin Tuckley wrote:
> Steve Dobson wrote:
> 
> >Well given that the CVS protocol transmits the passwords in plain text
> >and SMB can be configured not to I am guessing SMB is the more secure
> >of the two (if configured correctly).
> 
> A better method is to configure CVS to use SSH as its external transport 
> protocol (a matter of setting one environment var and adding :ext: to the 
> front of the repository id). Then once you have generated and installed the 
> keys it will be secure and won't require the user to log in manually every 
> time.

Agreed, and I did point Paul to the Secure CVS HOWTO in another post.
Here I was just answering Geoff's question.
 
> This has the side effect of making all the file transfers secure as well.

Which for FOSS code is pointless as most FOSS CVS repositories these days
have anon access and a web interface, but SSH is the easiest way to 
secure an insecure protocol.

It may also reduce bandwidth.  A backup company, which after all designs
software to backup large amounts of data over a network, once told me that
with modern fast CPUs, when they compressed the data stream they got better
data throughput on the backup.  This is important in backing up to tape.
You can lose a lot of data space on a tape if you keep stopping and starting
the data stream.  As many encryption algorithms also include compression
you may get the file(s) faster as a result.

Steve
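
Added example, not part of the original post: the switch to SSH transport described in the quoted text, as a script that finds working copies still pointing at a :pserver: root and prints the :ext: root to use once CVS_RSH=ssh is set. The host name, user name, password and directory layout are constructed for the demonstration.

```shell
#!/bin/sh
# Audit CVS working copies for :pserver: roots and print the :ext: equivalent.
# Once keys are installed, the SSH transport is used like this:
#   export CVS_RSH=ssh
#   cvs -d :ext:user@host:/path checkout module

# Convert one CVSROOT string. Drops any embedded password and pserver port:
#   :pserver:user[:password]@host:[port]/path  ->  :ext:user@host:/path
#   :pserver:host:[port]/path                  ->  :ext:host:/path
# Anything that is not a :pserver: root is printed unchanged.
pserver_to_ext() {
    printf '%s\n' "$1" | sed -E \
        -e 's#^:pserver:([^:@]+)(:[^@]*)?@([^:/]+):?[0-9]*(/.*)$#:ext:\1@\3:\4#' \
        -e 's#^:pserver:([^:@/]+):?[0-9]*(/.*)$#:ext:\1:\2#'
}

# Walk a directory tree; every checked-out directory keeps its root in CVS/Root.
# Prints: <file> TAB <current root> TAB <suggested :ext: root>
audit_tree() {
    find "$1" -type f -path '*/CVS/Root' | sort | while IFS= read -r f; do
        root=$(head -n 1 "$f")
        case $root in
            :pserver:*)
                printf '%s\t%s\t%s\n' "$f" "$root" "$(pserver_to_ext "$root")" ;;
        esac
    done
}

# Constructed sample: one checkout on pserver, one already on SSH.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/old/CVS" "$tmp/new/CVS"
    printf '%s\n' ':pserver:alice:constructed-pw@cvs.example.org:2401/var/cvs' \
        > "$tmp/old/CVS/Root"
    printf '%s\n' ':ext:alice@cvs.example.org:/var/cvs' > "$tmp/new/CVS/Root"
    (cd "$tmp" && audit_tree .)
    rm -rf "$tmp"
}

demo
```

Only the checkout under old/ is reported; writing the suggested root back into each CVS/Root file (or doing a fresh checkout with -d) completes the move.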




