[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Encrypting ~/.subversion/auth on Windows

From: Travis P <svn_at_castle.fastmail.fm>
Date: 2004-11-13 15:22:21 CET

On Nov 12, 2004, at 6:45 PM, Marcus Rueckert wrote:
> we already joked on #svn about svn-agent. similar to ssh-agent it will
> store the pass until you kill it. it would be fine for most people
> imho.

On Nov 12, 2004, at 7:02 PM, Ben Collins-Sussman wrote:
> Until we get something like an 'svn-agent' daemon written, there will
> never be a "secure" caching solution. And many svn users already
> recognize this. (For example, a number of our customers simply
> disable svn password caching altogether.)

Yes, the "svn-agent" option was discussed at some length on the user's
list in August:
     Look for "Credentials Caching" thread at the end of the month
     http://svn.haxx.se/users/archive-2004-08/

It's just a matter of someone with the time and skill to implement it
well.

Karl wrote this then and it still applies:

kfogel_at_collab.net wrote:
> Travis P <svn_at_castle.fastmail.fm> writes:
>> It can lead to something entirely sensible like ssh-agent or AFS
>> tokens.
>> The key is then cached in memory only (locked, non-pageable memory if
>> the OS allows for that).
>
> Yes -- we've talked about doing that, it's just that it's a
> non-trivial project.
> ...
> No one disagrees, it's just a question of priorities.

Cheers,
Travis

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Nov 13 15:23:00 2004

This is an archived mail posted to the Subversion Dev mailing list.