[nycbug-talk] Security Implications for cvsupd

Pete Wright pete
Tue Dec 7 23:33:14 EST 2004


On Tue, Dec 07, 2004 at 11:19:42PM -0500, Okan Demirmen wrote:
> On Tue 2004.12.07 at 19:31 -0500, Pete Wright wrote:
> > Hi all,
> > 	For various reasons I've contemplated setting up a cvsup mirror.
> > While I plan to use it mostly for personal use at first, I've
> > kicked around the idea of making it semi-public.  Are there any
> > non-obvious security implications one should think about when
> > doing this.  I am most likely going to run it in a jail, but
> > there maybe there are other things to worry about.  Secondly,
> > is there any interest/need for yet another cvs mirror for
> > FreeBSD in the NycBug community?
> 
> an nycbug mirror in california - that's a novel idea! i say do it ;)

well it'd be admin'd from ca, but it's colo'd in rockland co ny.  that's
the only way george would allow me to keep my nycbug mebership card ;p
> 
> as far as security is concerned, do anoncvs over ssh - no pserver.
> since i imagine you are running pf somewhere on or in front of it,
> limit the bandwidth and connections.

cool, would this still apply for cvsup?  I just noticed that i
incorrectly refered to it as a cvs mirror in my original email.  i meant
cvsup.

> 
> i've run an unofficial openbsd mirror for quite a while for a couple
> of dozen people and projects without concern - not really publicly
> advertised, but publicly available. - just for kicks.
>
cool...that's pretty much what i'm shooting for.  know i know who to
call when all h*ll breaks loose ;)

-p


-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
917.415.9866




More information about the talk mailing list