[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2003-01-14 18:19:08 CET

<rbb@rkbloom.net> writes:
> That's fine, but I won't implement it. I disagree with this solution, and
> you are making a rather large assumption about being able to sniff the
> network. I only use SVN over SSL, because of the ability to sniff the
> password off the wire. Also, there is the ability to implement digest
> authentication to resolve that problem.

Would you be willing to implement it with the other default (that is,
the conservative one, which you prefer?) I won't pretend that the
list might not discuss it some more, and later decide to tweak that
default... But that property is true symmetrically of any solution: if
someone implemented default "on" auth caching, and we later decided to
become more conservative, then tweaking it to "off" would be a two
second change as well.

In other words, the main portion of this task is *not* the choosing of
the default, and anyway the default may be changed back and forth N
times before release.

So if you're in general unwilling to implement a feature whose default
behavior might get changed later, well, that's going to rule out a lot
of Subversion work for you, which would be a pity :-(.

Reconsider?

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 19:05:25 2003

This is an archived mail posted to the Subversion Dev mailing list.