[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: Justin Erenkrantz <jerenkrantz_at_apache.org>
Date: 2003-01-14 02:48:13 CET

--On Monday, January 13, 2003 18:16:42 -0600 Karl Fogel
<kfogel@newton.ch.collab.net> wrote:

> I thought our current default was fine too, until I read Ryan's
> example about tarring up a working copy and handing it to someone
> else. People do that all the time in CVS, and they'll assume they can
> do it with Subversion too (no matter how many flashing signs we put in
> the docs). The perms won't protect anything once it's in the tar
> file.

My point is thus: stop storing the auth in the WC, rather it should be
somewhere in ~/.subversion/. This fixes this real complaint. The arg
switches and the rest of this thread is merely trying to workaround the
real problem. If the auth cache isn't in your WC, I'm not sure that the
security concerns are as valid.

Hey, this is a great place for the repository UUID. =) -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 02:49:02 2003

This is an archived mail posted to the Subversion Dev mailing list.