[nycbug-talk] Security Implications for cvsupd

Okan Demirmen okan
Tue Dec 7 23:19:42 EST 2004


On Tue 2004.12.07 at 19:31 -0500, Pete Wright wrote:
> Hi all,
> 	For various reasons I've contemplated setting up a cvsup mirror.
> While I plan to use it mostly for personal use at first, I've
> kicked around the idea of making it semi-public.  Are there any
> non-obvious security implications one should think about when
> doing this.  I am most likely going to run it in a jail, but
> there maybe there are other things to worry about.  Secondly,
> is there any interest/need for yet another cvs mirror for
> FreeBSD in the NycBug community?

an nycbug mirror in california - that's a novel idea! i say do it ;)

as far as security is concerned, do anoncvs over ssh - no pserver.
since i imagine you are running pf somewhere on or in front of it,
limit the bandwidth and connections.

i've run an unofficial openbsd mirror for quite a while for a couple
of dozen people and projects without concern - not really publicly
advertised, but publicly available. - just for kicks.

okan

> -p
> 
> -- 
> ~~oO00Oo~~
> Peter Wright
> pete at nomadlogic.org
> www.nomadlogic.org/~pete
> 917.415.9866
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month

-- 
Okan Demirmen <okan at demirmen.com>
PGP-Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB3670934
PGP-Fingerprint: 226D B4AE 78A9 7F4E CD2B 1B44 C281 AF18 B367 0934




More information about the talk mailing list