Hi Hans,
On Sun, May 8, 2011 at 9:58 PM, Hans Hübner hans.huebner@gmail.com wrote:
I think it would be better to publish the original repositories using pserver rather than making an extra copy just because of the paranoia. If pserver needs to be chroot (I'd doubt that), the repositories can live inside of the chroot and instead symlink to the /project directory.
Opinions? I can implement the simple scheme if noone objects.
If I'm correct, this page http://www.cvedetails.com/product/758/CVS-CVS.html?vendor_id=442 suggests that there have been no CVE security advisories anymore since 2005. If that's the case, I do concur that this is probably a bit too paranoid.
If nobody objects within say, the next 72 hours, I think we can safely assume there are no objections.
Thanks!
Bye,
Erik.