Re: Feature Request: clients shouldn't store auth-creds

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2005-01-05 22:17:22 CET

On Wed, 2005-01-05 at 15:39, Ben Collins-Sussman wrote:
> But we'd better be ready for a slew of newbies asking us how to make
> subversion stop asking for their password. I predict it will jump into
> the top 10 FAQs on the users@ list.

The more disturbing scenario is that people (or distributions) stay at
svn 1.1 because of a perceived decrease in the usability of 1.2.

I am not gung-ho about changing the default at all. My reasoning is
that application-specific passwords are fairly bad security devices to
start with. Failing to cache them by default would be trying to make up
for their weaknesses by imposing policies which users won't tolerate.
We wouldn't be increasing practical security very much and we'd be
pissing off users more.

I am particularly concerned about changing the default in 1.x, because
of the potential for our users to see it as a downgrade.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 22:18:39 2005

This message: [ Message body ]
Next message: Justin Erenkrantz: "Re: Feature Request: clients shouldn't store auth-creds"
Previous message: Peter N. Lundblad: "[Locking] svn up output"
In reply to: Ben Collins-Sussman: "Re: Feature Request: clients shouldn't store auth-creds"
Next in thread: Justin Erenkrantz: "Re: Feature Request: clients shouldn't store auth-creds"
Reply: Justin Erenkrantz: "Re: Feature Request: clients shouldn't store auth-creds"
Reply: John Pybus: "Re: Feature Request: clients shouldn't store auth-creds"
Reply: kfogel_at_collab.net: "Re: Feature Request: clients shouldn't store auth-creds"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]