Re: Feature Request: clients shouldn't store auth-creds

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2005-01-05 22:26:34 CET

--On Wednesday, January 5, 2005 4:17 PM -0500 Greg Hudson <ghudson@MIT.EDU>
wrote:

> The more disturbing scenario is that people (or distributions) stay at
> svn 1.1 because of a perceived decrease in the usability of 1.2.
>
> I am not gung-ho about changing the default at all. My reasoning is
> that application-specific passwords are fairly bad security devices to
> start with. Failing to cache them by default would be trying to make up
> for their weaknesses by imposing policies which users won't tolerate.
> We wouldn't be increasing practical security very much and we'd be
> pissing off users more.
>
> I am particularly concerned about changing the default in 1.x, because
> of the potential for our users to see it as a downgrade.

My thoughts exactly: I'd be fine with altering this in 2.0 (preferably with
a bundled svn-agent a la ssh-agent), but certainly not for 1.x. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 22:28:23 2005

This message: [ Message body ]
Next message: John Pybus: "Re: Feature Request: clients shouldn't store auth-creds"
Previous message: Greg Hudson: "Re: Feature Request: clients shouldn't store auth-creds"
In reply to: Greg Hudson: "Re: Feature Request: clients shouldn't store auth-creds"
Next in thread: John Pybus: "Re: Feature Request: clients shouldn't store auth-creds"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]