Re: svn commit: r1151069 - /subversion/trunk/subversion/libsvn_subr/gpg_agent.c

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 26 Jul 2011 15:56:17 +0300

stsp_at_apache.org wrote on Tue, Jul 26, 2011 at 12:11:06 -0000:
> Author: stsp
> Date: Tue Jul 26 12:11:05 2011
> New Revision: 1151069
>
> URL: http://svn.apache.org/viewvc?rev=1151069&view=rev
> Log:
> * subversion/libsvn_subr/gpg_agent.c: Add a comment that explains how this
> auth cache provider operates, including security considerations.
>
> Modified:
> subversion/trunk/subversion/libsvn_subr/gpg_agent.c
>
> Modified: subversion/trunk/subversion/libsvn_subr/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?rev=1151069&r1=1151068&r2=1151069&view=diff
> ==============================================================================
> --- subversion/trunk/subversion/libsvn_subr/gpg_agent.c (original)
> +++ subversion/trunk/subversion/libsvn_subr/gpg_agent.c Tue Jul 26 12:11:05 2011
> @@ -23,6 +23,36 @@
>
> /* ==================================================================== */
>
> +[four paragraphs of documentation comment]

Looks good :)

> + * Therefore, while the gpg-agent is running and has the password cached,
> + * this provider is no more secure than a file storing the password in
> + * plaintext.
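
Review bot: The caveat in the last added paragraph, that the provider is "no more secure than a file storing the password in plaintext" while the agent has the password cached, is recorded only as a source comment in gpg_agent.c, where someone enabling the provider will not see it. Consider stating the same trade-off in user-facing documentation as well, so it is visible outside the code.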

Should the gpg-agent provider implement a "plaintext prompt" password
that explains this and asks the user's permission to do so?
Received on 2011-07-26 14:57:06 CEST

This is an archived mail posted to the Subversion Dev mailing list.