Re: hardware for anoncvs

James Henstridge <james jamesh id au> writes:

> Jonathan Blandford wrote:
> >I missed this -- do we actually need hardware for anoncvs?  I'm
> >wondering if we can just turn on pserver on container or widget.  When
> >we first set up anoncvs, we had pretty poor bandwidth to the
> >machines and canvas was underpowered.  Things have changed -- we have
> >more than enough bandwidth and machine power now.
> >
> >Tomas, do you have any idea of how much anoncvs traffic we get?  Given
> >that container is pretty underutilized, should we look into doing this?
> >It would have the added advantage of being current, and not lagged.  We
> >could also do it on window, which has a read-only mounting of
> >/cvs/gnome, which would make me feel a bit better about it.
> >  
> >
> If you do turn on pserver, you might want to look at the patches that
> are being used on so that the cvs pserver runs
> completely unprivileged (it essentially forces the '-R' option).
> This makes sure that anonymous sessions can never leave stale locks
> around and limits the possible damage when the next CVS vulnerability is
> discovered.

Oh nice!  I would also love to update container to RHEL4 and set up an
selinux security context here, though that's not going to happen for a
little bit.  I'll try to track those patches down, though, and give them
a look.

We should get this going sooner rather than later.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]