Greg Hudson <ghudson@MIT.EDU> writes:
> The more disturbing scenario is that people (or distributions) stay at
> svn 1.1 because of a perceived decrease in the usability of 1.2.
>
> I am not gung-ho about changing the default at all. My reasoning is
> that application-specific passwords are fairly bad security devices to
> start with. Failing to cache them by default would be trying to make up
> for their weaknesses by imposing policies which users won't tolerate.
> We wouldn't be increasing practical security very much and we'd be
> pissing off users more.
I pretty much agree with Greg.
Everyone will just set their configuration to cache authn info anyway
(after getting annoyed and taking the time to figure that out), and
we'll be right back where we were before. Except that now we'll be
able to point our fingers at the users and say "See, they chose to do
it, so it's their responsibility now."
End result: a moment of annoyance, a bootless shifting of blame, and
basically the same security people had before.
I think it's better to simply document authn caching, as we do, and
let the security-conscious turn it off if they want.
(Of course, when I say "everyone", I'm exaggerating. I just mean the
vast majority of users.)
> I am particularly concerned about changing the default in 1.x, because
> of the potential for our users to see it as a downgrade.
+1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 23:36:54 2005