<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Given our distro system, if we're really worried about hackers
<br>sniffing commit logs, I would rather remove anonymous CVS access.</blockquote><div><br>We can't do that. Many users rely on cvs access to deploy sites.<br><br>We can in theory shut that down. But what about <a href="http://drupal.org/cvs">
http://drupal.org/cvs</a>?<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">That way you stop the vulnerability sniffing all together. Like I
<br>said I know I'm in the minority here and don't really expect to<br>change your mind on this one.<br></blockquote><div><br>If we shut down both, then it is no longer an open source project.<br><br>Didn't see any major project shut down like that.
<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I been involved with enough volunteer organizations to know that it's<br>always an uphill battle to manage workload. I don't begrudge that,
<br>but I try and keep my expectations tempered.<br><br>I really hope no-one on the security team is offended. I mean no<br>such offense. I really do respect and appreciate the service that<br>they provide and yes, I do consult with them when I do my security
<br>related fixes.</blockquote><div><br>No offense taken at all, from you or from others. We are always open<br>to suggestions (and even recruiting for the security team!)<br></div></div>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">
2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.