Re: [PATCH] default to --no-auth-cache

From: Justin Erenkrantz <jerenkrantz_at_apache.org>
Date: 2003-01-14 02:48:13 CET

--On Monday, January 13, 2003 18:16:42 -0600 Karl Fogel
<kfogel@newton.ch.collab.net> wrote:

> I thought our current default was fine too, until I read Ryan's
> example about tarring up a working copy and handing it to someone
> else. People do that all the time in CVS, and they'll assume they can
> do it with Subversion too (no matter how many flashing signs we put in
> the docs). The perms won't protect anything once it's in the tar
> file.

My point is thus: stop storing the auth in the WC, rather it should be
somewhere in ~/.subversion/. This fixes this real complaint. The arg
switches and the rest of this thread is merely trying to workaround the
real problem. If the auth cache isn't in your WC, I'm not sure that the
security concerns are as valid.

Hey, this is a great place for the repository UUID. =) -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 02:49:02 2003

This message: [ Message body ]
Next message: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Previous message: Karl Fogel: "Re: svn commit: rev 4374 - in trunk/subversion: include libsvn_wc libsvn_subr"
In reply to: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Next in thread: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Reply: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]