Greg A. Woods schrieb in <bugtraq@xxxxxxxxxxxxxxxxx>: > [ On Thursday, August 5, 2004 at 12:52:10 (+0300), Delian Krustev wrote: ] > >> There's a site outhere. It's sf.net . They demonstrate, with the number >> of projects being hosted there (with pserver access), You're not right >> again. > In the scenario you speak of sf.net has no real requirement for > accountability -- their offerning using CVSpserver is effectively the > same as providing anonymous access. Sf.net doesn't care who the real > humans are in this case -- they simply do their best (which isn't always > perfect) to keep whole projects from interfering with each other. In fact, you are even more right than you seem to think. Sf.net's pserver access is actually anonymous and read-only. Project data in the SF repository is considered public, and open to anonymous read access anyway. Their pserver access doesn't add anything to that. > Meanwhile, IIUC, sf.net does also offer secure SSH access to systems > hosting CVS repositories and they use true system identities for eash > SSH account, and presumably with this offering there's normally one (or > maybe more) unique system accounts for every real human using this That is so, and SSH access, with a system identity that is a member of the project's development team, is required for committing changes to a project repository. > service, though of course the responsibility of verifying the uniqueness > of system identities will be on the shoulders of the CVS project admins, > and perhaps not on sf.net themselves. Indeed. The registration form asks you to enter a real name, and a valid E-mail address which is verified by a confirmation E-mail, but there is no verification beyond that. -- Tilman Schmidt E-Mail: Tilman.Schmidt@xxxxxxxx Bonn, Germany Diese Nachricht besteht zu 100% aus wiederverwerteten Bits. Ungeöffnet mindestens haltbar bis: (siehe Rückseite)
