[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion reveals passwords

From: Lieven Govaerts <lieven.govaerts_at_gmail.com>
Date: Tue, 8 Apr 2008 11:00:23 +0200

On Mon, Apr 7, 2008 at 8:12 AM, <ghudson_at_mit.edu> wrote:
>
> 2. Implementing GNOME and KDE keychain support in the Subversion
> libraries would be a good thing in principle, but:
>
> - Good things don't automatically happen in free software; someone
> has to do the work.
>

I actually started adding Gnome keyring support to Subversion a few
days ago, in order to get my own passwords managed in a central
location. The basic functionality is only 10 lines of code and is
working without problems.

> - This one is twice as hard as most things because there are two
> APIs to code for rather than one.
>
> - Keychain APIs which are part of GUI library may be designed with
> the idea in mind that you are already a GUI app who has bought
> into that particular GUI. We've seen issues under OSX due to this
> assumption and we might see the same issues with the GNOME or KDE
> APIs. How do we know which keychain API is appropriate to invoke
> at run time, if any?

Are you talking about supporting different API versions? Or about
choosing between Keyring or KWallet ? My current approach is to make
it a configurable option, which has to be enabled explicitly, instead
of enabling by default as is the case for Keychain.

> Do they have ways of honoring
> --non-interactive? There might be clean answers to these
> questions or there might not.

Atleast for Keyring, I have not found a clear way to disable all user
interaction. One first has to allow an application to use the keyring,
and then, depending on how you logged in, provide your Keyring
password on every invocation of svn.

Now Keyring support is not something you use on a *nix server, so the
drawback of not supporting non-interactive script execution might be
limited.

I'll send a patch to the list as soon as I get the changes to
configure.ac finished.

Lieven

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-08 11:00:40 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.