Subject: A better approach to security
List archive
- From: Bob Ippolito <bob AT redivi.com>
- To: A better approach to security <cacert AT lists.cacert.org>
- Subject: Re: [CA cert] The case for open source (was Re: Bet)
- Date: Sun, 8 Aug 2004 22:57:16 -0400
- List-archive: <http://lists.cacert.org/mailman/private/cacert>
- List-id: A better approach to security <cacert.lists.cacert.org>
On Aug 8, 2004, at 10:16 PM, Duane wrote:

> David Kaufman wrote:
>
>> pserver has had security-related bugs found in the code, and those were
>> quickly fixed, by the cvs developer community. ssh also has had several
>> critical bugs fixed recently which were found to potentially allow
>> hackers to compromise the server. do you not trust sshd anymore?
>
> Actually I don't trust SSH, I try where possible to completely limit access to it via firewalls, if they can't hit it they can't exploit it.

The security of an open source project's source code repository isn't that big of a deal. If you're paranoid about unauthorized code changes, you can tell quite easily by looking at the diff before you update your local copy.

>> as Bob mentioned, sourceforge offers free CVS hosting, as does FSF.
>
> As Nathan mentioned both have been compromised...

Which is basically a non-issue, as mentioned.

>> but cvs is not necessary for an open source project to flourish. it
>> helps, but many projects simply post snapshots of the source code as
>> tarballs on the web. developers still discuss the work on mailing
>> lists, and still submit patches just fine.
>
> Which is the only secure solution I can think of so far...

Although it's definitely not my preferred source code management system, I think Arch would be perfect for someone like you. Arch works almost exactly like this, and you can host an Arch repository on any medium because it's basically just a snapshot.
-bob
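
Added example, not part of the original message or of any project discussed in the thread: a sketch of the "look at the diff before you update" check applied to the tarball-snapshot workflow mentioned above. It reads an incoming snapshot in memory and produces a unified diff against the local copy for review. The file names, contents and function names are constructed for illustration.

```python
import difflib
import io
import tarfile


def read_snapshot(tar_bytes):
    """Return {path: text} for regular files in a tarball, without extracting to disk."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if member.isfile():  # skip links, devices and directories
                data = tar.extractfile(member).read()
                files[member.name] = data.decode("utf-8", "replace")
    return files


def review_diff(local, incoming):
    """Unified diff of every added, removed or modified file, to read before updating."""
    out = []
    for path in sorted(set(local) | set(incoming)):
        old, new = local.get(path), incoming.get(path)
        if old == new:
            continue
        out.extend(difflib.unified_diff(
            (old or "").splitlines(keepends=True),
            (new or "").splitlines(keepends=True),
            fromfile="local/" + path if old is not None else "/dev/null",
            tofile="incoming/" + path if new is not None else "/dev/null",
        ))
    return "".join(out)


def make_tar(files):
    """Build an in-memory tarball from {path: text} (helper for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: the incoming snapshot changes one line and adds one file.
LOCAL = {"config.py": "TIMEOUT = 30\n", "README": "hello\n"}
INCOMING = {"config.py": "TIMEOUT = 300\n", "README": "hello\n", "hook.sh": "echo hi\n"}

if __name__ == "__main__":
    print(review_diff(LOCAL, read_snapshot(make_tar(INCOMING))))
```

An empty result means the snapshot matches the local copy; anything else is the set of changes to read before replacing local files.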
Archive generated by MHonArc 2.6.16.