[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AW: [Issue 4145] Master passphrase and encrypted credentials cache

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Fri, 23 Mar 2012 10:41:36 -0400

On 03/23/2012 10:28 AM, Markus Schaber wrote:
> Hi,
>
> Just my 5 ct:
>
> On 03/22/2012 01:02 PM, Daniel Shahaf wrote:
>>> Is it now time to review the design doc on the wiki? I've been
>>> assuming it's WIP as I haven't seen a dev@ mail about this feature.
>
>> Review on the design doc is welcome, yes. I started to explicitly
>> solicit as much, but I found myself in one of those situations where
>> you feel you can't adequately describe implementation specifics because
>> you're still picking through the existing code base. I didn't want to
>> ask folks to review the design only to hear, "Looks good, but how will
>> it work" with me unable to really answer that question. So, if/as you
>> read the wiki page, you may find that some stuff is self-contradictory,
>> unfinished, vague, etc. That's just my ignorance of the authn codebase
>> showing through.
>
> For this to be usable, we'll need some kind of agent which can live
> longer than individual processes. Otherwise, command line work will be
> nearly unusable.

I hear ya. Please read the design doc:
http://wiki.apache.org/subversion/MasterPassphrase

Folks on Windows and MacOSX can have their master passphrases cached in the
OS-provided crypto stores. GNOME keyring and KDE kwallets users on Unix can
get the same. And with the new GPG-Agent support in 1.8, there's that
option for medium-term-but-non-permanent caching, too.

But even folks who don't have those options available a) won't be forced to
use the master passphrase construct at all, and b) if they do use it, will
need only supply a single master passphrase at the command-line. I dunno
about you, but I'd much rather run 'svn update ~/projects/*' and have
Subversion prompt me *once* for a master passphrase than what it does today,
which is prompt me for credentials on each and every working copy in that
directory, nearly all of which come from different servers with different
credentials. 

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2012-03-23 15:42:21 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.