[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature Request: clients shouldn't store auth-creds

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2005-01-05 22:17:22 CET

On Wed, 2005-01-05 at 15:39, Ben Collins-Sussman wrote:
> But we'd better be ready for a slew of newbies asking us how to make
> subversion stop asking for their password. I predict it will jump into
> the top 10 FAQs on the users@ list.

The more disturbing scenario is that people (or distributions) stay at
svn 1.1 because of a perceived decrease in the usability of 1.2.

I am not gung-ho about changing the default at all. My reasoning is
that application-specific passwords are fairly bad security devices to
start with. Failing to cache them by default would be trying to make up
for their weaknesses by imposing policies which users won't tolerate.
We wouldn't be increasing practical security very much and we'd be
pissing off users more.

I am particularly concerned about changing the default in 1.x, because
of the potential for our users to see it as a downgrade.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 22:18:39 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.