Subject: Re: CVS_RSH to ssh
To: Niels Provos <>
From: Greg A. Woods <>
List: tech-userlevel
Date: 06/18/2003 00:21:58
[ On Wednesday, June 18, 2003 at 00:05:54 (-0400), Niels Provos wrote: ]
> Subject: Re: CVS_RSH to ssh
> Seems like a great idea to me.  Nobody should be using rsh any longer
> anyway, even on private networks.

I guess we'd better all stop using NFS on our private networks too,
especially via UDP....  :-)

Hmmm.... maybe we should stop using all raw ICMP, UDP, and TCP and only
use carefully configured and controlled IPSEC VPNs everywhere, but of
course if we did that then we could go back to using RSH and TELNET and
such again without fear, so just exactly what do you mean by "private

> For that matter, does pserver have cryptographic integrity guarantees?

Like I said before, cvspserver should not ever be used for anything but
anonymous read-only access, and then only when you don't care much about
the integrity of the data you retrieve (and from the administrator's
point of view it should probably only access a _copy_ of any real
repository and on a server separately secured from the one hosting the
real repo).

								Greg A. Woods

+1 416 218-0098;            <>;           <>
Planix, Inc. <>; VE3TCP; Secrets of the Weird <>