Re: [PATCH] don't store plain-text passwords by default

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Thu, 17 Apr 2008 13:11:14 -0400

On Thu, 2008-04-17 at 13:06 -0400, Karl Fogel wrote:
> If we ever make this change, we will face this compatibility issue. I
> don't think that becomes any less true if we wait for 2.0 vs 1.6 or
> whatever.

Yes, but the compatibility expectations of a 2.0 release are lessened.

Fundamentally, people are going to save their passwords if they don't
have an acceptably convenient alternative. Keyring-type solutions are
acceptably convenient; retyping your password for every network command
is not. We can change the default, but it's not going to make anyone's
usage scenario more secure than it is now. It might change a few
perceptions, but it won't change any realities.

Received on 2008-04-17 19:11:35 CEST

This is an archived mail posted to the Subversion Dev mailing list.
