[development] FAQ: Why is Drupal still using CVS when X is a much better choice?

Adrian Rossouw adrian at bryght.com
Thu Jul 31 18:05:47 UTC 2008

On 31 Jul 2008, at 7:46 PM, Derek Wright wrote:

> I think the security problems will be just as bad with SVN given the  
> OSUOSL infrastructure.  There's a way to do CVS securely (over ssh),  
> which is basically equivalent to what we'd have to do to actually  
> make SVN secure (as far as I know), but the OSUOSL side of this  
> question has been "won't fixed" because it would involve giving  
> (extremely limited) shell access to every CVS account holder:
Umm. i think this issue is the same as running apache with fastcgi and  
suexec (the only really secure way to do multisite, so that each site  
has it's own user account owning the files). This would probably  
involve something like using PAM and mysql.

I'd definitely be keen to learn more about how this can be solved.

More information about the development mailing list