Providing customized source code control with CVS
Providing customized source code control with CVS
Typically, in CVS, the repository is on a server that is referred to by a large number of clients. You need to decide what method you want to use to connect the server and clients.
This method uses an external method to connect and authenticate, which allows both flexibility and security. Using this method, with ssh as the connecting agent, provides excellent security at a very slight cost. It requires that every user have his or her own account on the server (although it need not have any permissions other than running CVS).
This method uses CVS's own connection abilities, and is less secure than the "ext" method. It also requires setup on the server side, although it is not necessary to create individual accounts. There are variations called "kserver" and "gserver" and (on CVSNT) "ntserver", which try to be more secure, but in general it's better to use specialized software if security is a concern.
For most installations, use the "ext" method with ssh. This provides good authentication, encryption, and accountability. The "pserver" methods provide more limited authentication, due to the design of CVS, and therefore less accountability. They work well for read-only access where authentication is not important, and therefore are widely used in public repositories for guest access.
One concern I have encountered is that the "pserver" method tags each CVS-controlled directory with a user, whereas the "ext" method doesn't. This can cause awkwardness when one person is working in another person's directories, such as when doing code reviews.
CVS also provides the "local" access method, which works when the user is on the same machine as the client. It may be tempting to use that with an NFS- or Samba-mounted drive, but this is a very bad idea, as the subtleties of locks and synchronization on network drives can cause the repository to be corrupted. Use a client-server method ("ext" or "pserver") instead.
All contents of these pages Copyright 2002 by David H. Thornley.
Permission granted for verbatim copying and use within an organization.