> A lot of people use CVS to manage their web content. It's a great way to > keep track of changes, and makes updating and rollbacks a very easy > thing to do. ... > When I finally decided to manage my web content with CVS, I noticed > something about the directory layout (after running a `cvs up`) of my > website; there were a bunch of CVS directories with files in them. I > always knew they were there when working with CVS (those files are the > way CVS keeps track of versions and what not), but I never paid any mind > to them.. until today. I use CVS to manage many of my web sites too, however the website is rsync'd from the checked out CVS version. I use the '-C' flag (--cvs-exclude) to automatically not upload any CVS-related files. From the man page: This is a useful shorthand for excluding a broad range of files that you often donīt want to transfer between systems. It uses the same algorithm that CVS uses to determine if a file should be ignored. The exclude list is initialized to: RCS SCCS CVS CVS.adm RCSLOG cvslog.* tags TAGS .make.state .nse_depinfo *~ #* .#* ,* *.old *.bak *.BAK *.orig *.rej .del-* *.a *.o *.obj *.so *.Z *.elc *.ln core then files listed in a $HOME/.cvsignore are added to the list and any files listed in the CVSIGNORE environment variable (space delimited). Finally, any file is ignored if it is in the same directory as a .cvsignore file and matches one of the patterns listed therein. See the cvs(1) manual for more information. This prevents all those sensative files from being published, not just those that are in the CVS directory. If it's just the CVS directory you're worried about, you could configure apache to deny these using a <files CVS> option in your httpd.conf. -- Brian Hatch I used to work in a Systems and blanket factory, Security Engineer but it folded. www.hackinglinuxexposed.com Every message PGP signed
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 09:32:02 PST