httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: anonymous CVS access
Date Wed, 30 Jul 1997 18:19:26 GMT
On Wed, 30 Jul 1997, Dean Gaudet wrote:

> On Wed, 30 Jul 1997, Marc Slemko wrote:
> > Is it a good idea?  I like the idea.  I am uncomfortable with the
> > way some things are currently done for security reasons; nothing that
> > can really be addressed without having a seperate system just
> > for Apache.
> What are you uncomfortable with? 

Anyone can access the bugdb, anyone can do silly things to let people get
access to the system, once they have a shell they probably can get root
somehow.  Just a lot of little things that add up.  The Apache development
and distribution system could be a very attractive target for crackers.
taz is simply a lot more open for various (quite valid) reasons.

> If we had two systems what would each do? 

We wouldn't have two systems; it would be more like there would be one
system dedicated to Apache with no other accounts.

View raw message