[cvsnt] cvs login should only work with PSERVER (was: Trouble remotely checking out files from the CVS server)
arthur.barrett at march-hare.com
Mon Mar 24 17:50:48 GMT 2008
> Cvsagent is unrelated to SSH. It's simply a temporary reposotory of
> passwords - it works fine with pserver too.
Yes of course - and if anything that strengthens the case for disabling
the registry store (since it's not needed).
> By all means recommend people use the agent.. but removing the login
> functionality is going to kill the usage for a lot of people...
> including me!
Even if there is a global option (--use-cvspass ?) to allow it?
The two most 'controversial' ideas I've had of late are disabling
:local: and disabling .cvspass, and they both fall into the same
category - they are fine for people who know what they are doing - but
people who do not come to poor conclusions - eg: that acls don't work
(since :local: is always admin) or that passwords are insecure. How far
do we go to protect people from themselves?
I think that at a minimum :local: and .cvspass should generate
'warnings' for the new user (again no warning given if --use-cvspass or
--use-local are specified, and someone like you or me can put those in
The question is - how much do we inconvenience the experienced people
for the sake of the new users/people who jump to (incorrect)
More information about the cvsnt