05:00 AM
Connect Directly


FUDBuster busts the "vulnerability" in CVS, the source-code repository used by many open-source projects.

When: Jan. 23, 2003

What: A recent 'big news' item in some publications revealed that there was a vulnerability in CVS, the source-code repository used by many open-source projects.

FUDFactor: This vulnerability may have led, or may yet lead, to Trojan horses (or worse) introduced directly into the source code of your favorite open-source product.

Discuss Join other NWC readers in discussing this article.
FUDBust: This is nothing more than sensationalism. The vulnerability was discovered, reported to organizations known to use CVS and reported to the CVS development group before the press was alerted. The problem was fixed by the time the articles were written. More important, the real risk of Trojans comes from team members of small OSS projects, not from outsiders cracking CVS servers. In a large project, with many people going over the code (the Apache Project for example), the risk of Trojans introduced into the source code is minimal. For a project with one or two developers and a small user base, the risk is present. To protect against the tiny chance that one of those developers is a rogue, have another developer look over the source code before you install it.

Comment  | 
Print  | 
More Insights
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed