Greg Hudson wrote:
> On Wed, 2005-01-05 at 15:39, Ben Collins-Sussman wrote:
>
>
> The more disturbing scenario is that people (or distributions) stay at
> svn 1.1 because of a perceived decrease in the usability of 1.2.
If distros are worried enough to consider not upgrading (I find this
hard to believe given the compelling features still going into svn),
then they can change the default back in their packages. Likewise
sysads building from source probably have enough nous to change a config
file if they don't like the default rather than forgo the upgrade.
Maybe I misunderestimate folks.
> I am not gung-ho about changing the default at all. My reasoning is
> that application-specific passwords are fairly bad security devices to
> start with. Failing to cache them by default would be trying to make up
> for their weaknesses by imposing policies which users won't tolerate.
> We wouldn't be increasing practical security very much and we'd be
> pissing off users more.
Mot users I come across aren't really aware that they have
application-specific passwords. They have a password (maybe two) which
they only deviate from (by as little as possible) if password validation
when they first get an account refuses to accept it. Given this, not
doing our best to protect user passwords creates large risks of further
penetration once an unprotected password is discovered.
> I am particularly concerned about changing the default in 1.x, because
> of the potential for our users to see it as a downgrade.
On the other hand, gaining a reputation for bad security by the time you
get round to 2.0 wouldn't be a good thing either.
John
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 22:51:52 2005