Malcolm Rowe wrote:
> On Fri, Sep 23, 2005 at 02:47:43PM +0100, Max Bowsher wrote:
>> Now do some operation with a 1.2 client which causes use of the password.
>> The auth cache file is rewritten to update it to the new format (addition
>> of a 'passtype' hash key), but because store-passwords = no, the password
>> is erroneously removed from the cache.
>
> That seems correct to me: with 'store-passwords = no', you're requesting
> that the client, well, not store passwords (or more correctly, to cease
> caching the password responses to server challenges). That the client
> doesn't proactively remove existing passwords from the cache when started
> with store-passwords=no is the real bug her, in my opinion (and no,
> not one worth worrying about either).
Regardless of your opinion about the definition of store-passwords, removing
a password from the cache purely as a side effect of a transparent upgrade
is *definitely* a bug.
In response to your opinion, I would like to note that I make extensive use
of 'store-passwords = no' to avoid accidentally caching important passwords,
whilst deliberately keeping a few low-value oft-used passwords cached.
Also, purging data as a side effect of a configuration option is far too
open to causing unpleasant surprises.
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 23 16:41:25 2005