
Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 17 Apr 2008 13:06:29 -0400

"David Glasser" <glasser_at_davidglasser.net> writes:
> Hmm. Am I the only one who is concerned by the compatibility
> implications of this change? I'm sure that the web and organization's
> HOWTOs are full of "run this command, type your password, and it'll
> remember it for the future" statements. These all become false.
>
> I'd be very happy to see it with storing passwords as the default, though.

If we ever make this change, we will face this compatibility issue. I
don't think that becomes any less true if we wait for 2.0 vs 1.6 or
whatever.

I think it's acceptable to render those pages false, to achieve better
default security. Note: "acceptable", not "lovely".

If we decide it's not acceptable, then we can never change this
behavior, I guess.

Received on 2008-04-17 19:06:54 CEST

This is an archived mail posted to the Subversion Dev mailing list.
