
Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Fri, 18 Apr 2008 18:09:22 -0400

Eric Gillespie <epg_at_pretzelnet.org> writes:
> I'm mostly staying out of this, but I can't let this comment go
> by. The users who complain about this may be vocal, but I see no
> evidence they're not just a loud minority. Heck, I don't even
> think they're the loudest minority; that honor goes to those
> seeking "true tags", whatever those may be.

What would you consider evidence, though?

It's a serious question. Most of the evidence we gather for or against
any feature is anecdotal, after all.

In this case, I really think it's not just a matter of a vocal minority
-- pretty much every time I go to a conference, someone comes up to me
and says "Why did you folks default to storing plaintext passwords?"
Now, I'm sure the effect is amplified by it being such an easy thing to
complain about, and by everyone liking to look as though they've got
high standards about security. But it's so frequent, over so many
years, on our mailing lists and in person and in blog posts, that it's
hard to write it off as just a case of "the squeaky hinge gets the oil".

-Karl

Received on 2008-04-19 00:09:36 CEST

This is an archived mail posted to the Subversion Dev mailing list.
