[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature Request: clients shouldn't store auth-creds

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2005-01-05 22:26:34 CET

--On Wednesday, January 5, 2005 4:17 PM -0500 Greg Hudson <ghudson@MIT.EDU>

> The more disturbing scenario is that people (or distributions) stay at
> svn 1.1 because of a perceived decrease in the usability of 1.2.
> I am not gung-ho about changing the default at all. My reasoning is
> that application-specific passwords are fairly bad security devices to
> start with. Failing to cache them by default would be trying to make up
> for their weaknesses by imposing policies which users won't tolerate.
> We wouldn't be increasing practical security very much and we'd be
> pissing off users more.
> I am particularly concerned about changing the default in 1.x, because
> of the potential for our users to see it as a downgrade.

My thoughts exactly: I'd be fine with altering this in 2.0 (preferably with
a bundled svn-agent a la ssh-agent), but certainly not for 1.x. -- justin

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 22:28:23 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.