On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:
> On Sat, Oct 9, 2010 at 11:06 AM, Les Mikesell<lesmikesell_at_gmail.com> wrote:
>> On 10/9/10 8:39 AM, Nico Kadel-Garcia wrote:
>>>
>>> Look, Subversion inherited its practice of storing password in
>>> cleartext from its ancestor, CVS. It's been an uphill battle ever
>>> since to wallpaper over the practice: there are enough layers of
>>> wallpaper, finally, that it's almost thick enough to be a wall. It's
>>> fixed for TortoieSVN, and svn+ssh using SSH keys can work well.
>>
>> If you are going to rant, you should also point out that ssh keys without a
>> passphrase and agent to manage it are not really any different than a
>> file-stored password. If you can copy the private side of the identity key,
>> you can get access.
>
> Yeah, both Subversion and SSH share the flaw of *ALLOWING* such
> unprotected keys to be stored locally, with no special command line
> arguments or special settings, and impossible to compile out of the
> clients with the current source trees.
If they didn't, it would be impossible to do automated commands. There are
times when you have to choose between trusting the OS to protect your files
(which is, after all, one of its jobs) or not being able to do what you want.
--
Les Mikesell
lesmikesell_at_gmail.com
Received on 2010-10-09 20:05:47 CEST