[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: <rbb_at_rkbloom.net>
Date: 2003-01-16 18:07:23 CET

<Last response from me on this.>

I agree with everything in this message. I will be working on patches to
implement it, but they will come slowly.

On 16 Jan 2003, Karl Fogel wrote:
> .....
> I feel like what I'm saying is not controversial; yet somehow people
> keep coming back with slightly orthogonal responses. Is there
> anything unreasonable in the statement
>
> Subversion should offer at least the same range of
> security/convenience tradeoffs as CVS does.

There is nothing unreasonable in that statement. The only remaining
question is what the default should be, which is where a big portion of
the discussion has been. If we get svn-agent working, then the default
for ra_dav can be to store the password on disk, because we have an easy
way to make auth caching secure. If we don't get svn-agent working, then
the default should be not storing the password on disk, because there is
no easy way to make authentication caching secure. All my opinion of
course.

(Honestly, this conversation got out of hand.)

Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:54:34 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.