Subject: Re: CVS_RSH to ssh
To: Niels Provos <provos@citi.umich.edu>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 06/18/2003 01:42:29
[ On Wednesday, June 18, 2003 at 00:29:39 (-0400), Niels Provos wrote: ]
> Subject: Re: CVS_RSH to ssh
>
> It seems that you are exaggerating slightly.

Only because it's a very common problem.

(Though I wasn't exaggerating about using NFS < v4, RSH, and TELNET and
other plain in-the-clear protocols over a good IPSEC VPN.  A VPN
traversing a public network should be at least as secure, if not
more so, than a true private network where most folks are happy to
continue to run those protocols.  I doubt many folks want to bother
running SSH over a fully encrypted IPSEC VPN.)

> However, in my opinion CVS
> traffic is actually worthwhile protecting.  You don't want someone to
> insert the backdoor in your read-only traffic that you commit later
> into the repository.

This is quite true and is, presumably, why the OpenBSD folks now suggest
using SSH for all access to their repository:

   ssh
           Secure Shell can be used to access the anonymous CVS
           servers.  This is the recommended way of doing so, as it is
           encrypted.  As of 2.6, OpenBSD has included OpenSSH in its
           standard distribution.

Unfortunately very few other public anonymous access CVS repositories
are so well protected.

> And as such there is no reason to expose innocent users to potential
> security problems by default.  If people want to shoot themselves
> into their feet, they might as well export CVS_RSH=rsh and not
> the other way around.

I don't have any problem with the default CVS_RSH value changing for
NetBSD (as it has long ago for OpenBSD), especially since there's now
also anonymous CVS access via SSH for the NetBSD repository.

I've also argued for years for the complete removal of cvspserver from
the CVS source distribution, but it seems that's unlikely to happen any
time soon.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
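The thread's point is that a CVS checkout pulled over rsh (the historical default for `:ext:` when CVS_RSH is unset) or over pserver travels in the clear, so a defender wants to know which working copies on a machine still use a cleartext transport. The following is an added example, not code from the thread or from CVS itself; it classifies a CVSROOT spec together with the CVS_RSH value and scans checked-out trees by reading their `CVS/Root` files (the host names in the test are constructed).

```shell
# Added example: classify a CVSROOT spec plus the CVS_RSH program in use.
#   :pserver:  is always cleartext (password and data on the wire)
#   :ext:      runs whatever $CVS_RSH names; only ssh gives encryption
#   :local:/path needs no network at all
cvs_transport() {
    root="$1"
    rsh="${2:-rsh}"   # cvs's historical default when CVS_RSH is unset
    case "$root" in
        :pserver:*) echo "cleartext pserver" ;;
        :ext:*)
            case "$(basename "$rsh")" in
                ssh|ssh2) echo "encrypted ext over $rsh" ;;
                *)        echo "cleartext ext over $rsh" ;;
            esac ;;
        :local:*|/*) echo "local" ;;
        *) echo "unknown" ;;
    esac
}

# Walk a directory tree; every CVS working copy carries CVS/Root holding
# the CVSROOT it was checked out from.  Print one line per working copy.
audit_checkouts() {
    dir="$1"
    find "$dir" -path '*/CVS/Root' -type f 2>/dev/null | while read -r f; do
        root=$(head -n 1 "$f")
        printf '%s: %s\n' "${f%/CVS/Root}" \
            "$(cvs_transport "$root" "${CVS_RSH:-rsh}")"
    done
}
```

Run `audit_checkouts /home` with CVS_RSH set as in the user's environment; any line reporting "cleartext" is a working copy whose updates could be tampered with in transit before being committed back.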