[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion reveals passwords

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Sun, 06 Apr 2008 18:24:08 -0400

Hadmut Danisch <hadmut_at_danisch.de> writes:
> How many times does it have to be discussed until people finally
> understand that it is an absolute no-go to store passwords in plaintext
> without user consent?
> Telling that it has been discussed *many* times is not a statement
> that your point of view is correct. It is rather a statement that
> discussing is sort of pointless.
> I've seen the same arguments as in this discussion two weeks ago on the
> users mailing list. The arguments are wrong because they confuse the
> security on the wire and the authentication protocol with the security of
> local storage.
> Maybe I am rude when I tell that repeating a flaw a hundred times, it does
> not become correct or better in any way.
> On the contrary, it is an extremely bad habit of maintainers to claim that
> something is correct just because it has been discussed (and arguments have
> been ignored) so many times.
> Maybe the fact that this issue had been raised so many times should ring
> a bell.

Hadmut, please help us concentrate on finding a course of action that we
can actually take (as in, help us with the proposal for a new behavior).

The kind of mail you sent above will not result in anyone changing the
way they think.

Note I do not address the question of whether you are right or wrong.
My point is simply that this mail was absolutely useless. When you
disagree with someone, saying over and over "You're still wrong!
We're still disagreeing!" is a waste of your time and theirs. You have
to say *new* things, otherwise nothing will change.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-07 00:24:27 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.