* dman ([EMAIL PROTECTED]) spake thusly: ... > What is insecure about pserver, if you have anonymous access?
To quote TFCVSM, "once a user has non-read-only access to repository, she can execute programs on the server system through a variety of means." Read section 2.9.3.3 -- "Security considerations with password authentication" and weep. So, if you are going to provide anonymous cvs (& I've no idea if OP wants that), you don't want pserver. If you're paranoid enough, you'll also want to hide CVSROOT from anonymous lusers, disable write access to cvs repository (you need to write lock files etc. someplace else), and put the whole mess in a chroot jail on a dedicated swerver in the DMZ. This is besides the point though. The point is that I simply mentioned Joey's method as one of the options. Dima (http://kitenet.net/programs/sshcvs/) -- We're sysadmins. Sanity happens to other people. -- Chris King
