On Tue, Apr 22, 2008 at 02:33:18PM -0400, Karl Fogel wrote:
> Stefan Sperling <stsp_at_elego.de> writes:
> > I will deprecate the old location in the comments, like this:
> >
> > "[auth]" NL
> > "### Set store-passwords to 'no' to avoid storing passwords in the" NL
> > "### auth/ area of your config directory. It defaults to 'yes'," NL
> > "### but Subversion will never save your password to disk in" NL
> > "### plaintext unless you tell it to (see below)." NL
> > "### Note that this option only prevents saving of *new* passwords;" NL
> > "### it doesn't invalidate existing passwords. (To do that, remove" NL
> > "### the cache files by hand as described in the Subversion book.)" NL
> > + "### NOTE: This option can now be specified in the 'servers' file" NL
> > + "### in your config directory. This location for this option has" NL
> > + "### been deprecated. Anything specified here is overridden by" NL
> > + "### settings specified in the 'servers' file." NL
> > "# store-passwords = no" NL
>
> +1, but put the deprecation notice at the top of the block, so people
> see it and then know that everything they read after that is about
> something deprecated anyway.
Yes, that's a good idea.
> > No, the code enforces this. But note that having all the [auth]
> > settings in 'servers' makes much more sense anyway, because
> > there, they can be configured on a per-server basis.
> >
> > It also aligns much more naturally with the layering, since
> > authentication is done only if the RA layer is entered anyway,
> > which has always been getting its configuration from 'servers'.
> >
> > The [auth] section in 'config' was a mistake, it would have
> > been much more natural to put it in 'servers' in the first place.
>
> Okay, I'm convinced.
>
> Might be good to do this deprecation/move on a separate branch, merge
> that to trunk, then incorporate into the dont-save-plaintext branch and
> DTRT. They're kind of separate changes, I think.
I've already done the move in my branch WC now, basically about to
commit the change, and I'm too lazy right now to untangle these two
admittedly separate topics. I hope that is OK? :)
--
Stefan Sperling <stsp_at_elego.de> Software Monkey
German law requires the following banner :(
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de CEO: Olaf Wagner
Store password unencrypted (yes/no)? No
- application/pgp-signature attachment: stored
Received on 2008-04-22 23:34:41 CEST