[cvsnt] cvs login should only work with PSERVER (was: Trouble remotely checking out files from the CVS server)

[Arthur Barrett]

Tony,

> Cvsagent is unrelated to SSH.  It's simply a temporary reposotory of 
> passwords - it works fine with pserver too.

Yes of course - and if anything that strengthens the case for disabling
the registry store (since it's not needed).

> By all means recommend people use the agent.. but removing the login 
> functionality is going to kill the usage for a lot of people... 
> including me!

Even if there is a global option (--use-cvspass ?) to allow it?  

The two most 'controversial' ideas I've had of late are disabling
:local: and disabling .cvspass, and they both fall into the same
category - they are fine for people who know what they are doing - but
people who do not come to poor conclusions - eg: that acls don't work
(since :local: is always admin) or that passwords are insecure.  How far
do we go to protect people from themselves?

I think that at a minimum :local: and .cvspass should generate
'warnings' for the new user (again no warning given if --use-cvspass or
--use-local are specified, and someone like you or me can put those in
cvsrc).

The question is - how much do we inconvenience the experienced people
for the sake of the new users/people who jump to (incorrect)
conclusions?

Regards,


Arthur