[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 17 Apr 2008 13:06:29 -0400

"David Glasser" <glasser_at_davidglasser.net> writes:
> Hmm. Am I the only one who is concerned by the compatibility
> implications of this change? I'm sure that the web and organization's
> HOWTOs are full of "run this command, type your password, and it'll
> remember it for the future" statements. These all become false.
> I'd be very happy to see it with storing passwords as the default, though.

If we ever make this change, we will face this compatibility issue. I
don't think that becomes any less true if we wait for 2.0 vs 1.6 or

I think it's acceptable to render those pages false, to achieve better
default security. Note: "acceptable", not "lovely".

If we decide it's not acceptable, then we can never change this
behavior, I guess.

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-17 19:06:54 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.