[rancid] Nortel switches
Paweł Rzepa
2014-01-23 13:26:51 UTC
Hi,

I use rancid to gather config from Nortel switches. Every time I run
'show run' command I get different output for passwords, even if the
real user password hasn't been changed:
show run:
....
access user user-password "encoded-password"
....

second execution of show run
....
access user user-password "same-password-encoded-in-different-way"
....

Obviously rancid/cvs treats it as a config change. I don't want to
filter out the encoded password.

Is there any way to keep the changes saved in cvs but not to generate
a new version in cvs subsystem for this change and not to send emails
(the latter is probably the implication of the former)?


Regards,
Pawel
Alan McKinnon
2014-01-23 15:55:58 UTC
Post by Paweł Rzepa
Hi,
I use rancid to gather config from Nortel switches. Every time I run
'show run' command I get different output for passwords, even if the
....
access user user-password "encoded-password"
....
second execution of show run
....
access user user-password "same-password-encoded-in-different-way"
....
Obviously rancid/cvs treats it as a config change. I don't want to
filter out encoded password.
Is there any way to keep the changes saved in cvs but not to generate
a new version in cvs subsystem for this change and not to send emails
(the latter is probably the implication of the former)?
That would defeat the purpose of CVS surely?

CVS is built to track every change in a file; if a file has changed you
*will* get a new version number - that is how it is supposed to work. If
you have notification mails enabled, you will get a mail.

CVS has no content intelligence, i.e. it can't determine that the only
change in a file is a Nortel password and then ignore it. A change is a
change.

I don't see that you have any other options than

1. tolerate the extra mails
2. FILTER out password strings

Maybe there's a 3rd option - to disable this "feature" on a Nortel? If
the hash is changing I assume it's being re-salted so it's either a
reversible hash-type, or the Nortel has a plain-text copy of the
password somewhere. Are these CHAP passwords at all? Outside of CHAP
there's no justification for doing that in this day and age (secret 7
<cough><cough>)
--
Alan McKinnon
***@gmail.com
andrew.brennan+
2014-01-23 16:58:36 UTC
Aruba equipment has a similar behavior: you can disable the encryption at
the start of a RANCID login and re-enable it when you're done. I am *not*
a fan of doing that, though, as it translates to an unnecessary config change
that has its own side effects based in Aruba's architecture. We replace
a number of their encrypted strings as <removed> and comment those lines.

Does the Nortel equipment let you re-enter the passwords using the strings
you get from your "show config" output? I vaguely remember some equipment
that would encrypt the passwords during a show ... but they weren't usable
in that encrypted form.

andrew.
Post by Paweł Rzepa
Hi,
I use rancid to gather config from Nortel switches. Every time I run
'show run' command I get different output for passwords, even if the
....
access user user-password "encoded-password"
....
second execution of show run
....
access user user-password "same-password-encoded-in-different-way"
....
Obviously rancid/cvs treats it as a config change. I don't want to
filter out encoded password.
Is there any way to keep the changes saved in cvs but not to generate
a new version in cvs subsystem for this change and not to send emails
(the latter is probably the implication of the former)?
Regards,
Pawel
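Alan's option 2 (filter out the password strings) and Andrew's practice of replacing the encrypted strings with <removed> amount to the same post-processing step, shown here as an added example that is not from the thread or from rancid itself. It assumes the exact line format quoted in the original post and uses constructed sample captures, not real Nortel output.

```python
import re

# Lines whose quoted value is re-encoded on every 'show run', so the text
# changes even though the underlying secret did not. The pattern is assumed
# from the line shown in the original post; extend the alternation if the
# switch emits other volatile keys.
VOLATILE_RE = re.compile(r'^(\s*access user user-password\s+)"[^"]*"(.*)$')


def normalize(config: str) -> tuple[str, int]:
    """Mask volatile encoded secrets with "<removed>" so that the text rancid
    hands to CVS only differs when something real changed.

    Returns the normalized text and the number of lines that were masked,
    so an operator can confirm the filter actually matched something.
    """
    out, masked = [], 0
    for line in config.splitlines():
        m = VOLATILE_RE.match(line)
        if m:
            out.append(f'{m.group(1)}"<removed>"{m.group(2)}')
            masked += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", masked


def changed(prev: str, cur: str) -> bool:
    """True only if the two captures differ after masking the volatile lines."""
    return normalize(prev)[0] != normalize(cur)[0]


# Constructed sample captures (not device output): RUN2 differs from RUN1
# only in the re-encoded password; RUN3 adds a genuine configuration line.
RUN1 = '....\naccess user user-password "QmV0dGVyIGx1Y2s="\n....'
RUN2 = RUN1.replace("QmV0dGVyIGx1Y2s=", "c2FtZSBwYXNzd29yZA==")
RUN3 = RUN2 + "\nhostname sw-core-1"  # constructed, stands in for a real change

if __name__ == "__main__":
    print("run1 vs run2 changed:", changed(RUN1, RUN2))  # False
    print("run2 vs run3 changed:", changed(RUN2, RUN3))  # True
```

The trade-off is the one Alan describes: because the masked copy is what gets committed, a genuine password change on the switch no longer produces a CVS revision either, while the masked line itself is kept so that removal of the account would still show up as a diff.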
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss