On Thu, Apr 17, 2008 at 02:22:28PM +0200, Stefan Sperling wrote:
> On Wed, Apr 16, 2008 at 04:28:52PM -0400, Karl Fogel wrote:
> > If there is a config option for remembering passwords by default, then
> > there needs to be a command-line option to not remember (use case: user
> > feels that most repository passwords are not sensitive, but this one
> > repository she's checking out today *is* sensitive, or the password
> > she's using for it is shared with something else, or whatever).
>
> Isn't that what --no-auth-cache is for?
Answering to myself:
Well, sort of. --no-auth-cache would also supress storing of
server certificates, though. So a new option would be nice, BUT:
Karl,
while I agree that your use case is likely to occur, I think adding
another command-line option is not the way to solve this. Because this
would mean that something like --dont-remember-plaintext-passwords
would have to be passed to *every* invocation of svn, to make sure
"store-plaintext-passwords = yes" in the config file is overridden
at all times. I don't think people will want to do that.
What might be a better idea (courtesy of Mark Phippard) is allowing
users to also specify "store-plaintext-passwords = yes" on a per-server
basis in ~/.subversion/servers. The same setting in
~/.subversion/config would apply to all servers automatically though.
Do you agree?
And by the way, I've put this patch + a few fixes on a branch now,
so we can add further improvements there without disturbing trunk:
https://svn.collab.net/repos/svn/branches/dont-save-plaintext-passwords-by-default/
--
Stefan Sperling <stsp_at_elego.de> Software Developer
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
- application/pgp-signature attachment: stored
Received on 2008-04-17 17:03:36 CEST