Thursday, June 10, 2004

More flaws foul security of open-source repository

Security researchers have found at least six more flaws in the open-software world's most popular program for maintaining code under development.

The security flaws underscore the advice of CVS Project leaders, who say development teams should not be placing source-code repositories directly on the Internet. Rather, the repositories should be accessible only on private local networks or through VPNs (virtual private networks), said Derek Robert Price, one of three maintainers of the CVS Project and the project's release manager.

Major open-source projects, including the Apache Foundation's Apache Web server and the GNOME and KDE Linux desktops, use the Concurrent Versions System to manage code under development. The software allows programmers to check in changed code, and it tracks the different versions of a program under development.

Earlier in May:
Flaws drill holes in open-source repository
