Re: [PATCH] don't store plain-text passwords by default

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Thu, 17 Apr 2008 13:11:14 -0400

On Thu, 2008-04-17 at 13:06 -0400, Karl Fogel wrote:
> If we ever make this change, we will face this compatibility issue. I
> don't think that becomes any less true if we wait for 2.0 vs 1.6 or
> whatever.

Yes, but the compatibility expectations of a 2.0 release are lessened.

Fundamentally, people are going to save their passwords if they don't
have an acceptably convenient alternative. Keyring-type solutions are
acceptably convenient; retyping your password for every network command
is not. We can change the default, but it's not going to make anyone's
usage scenario more secure than it is now. It might change a few
perceptions, but it won't change any realities.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-17 19:11:35 CEST

This message: [ Message body ]
Next message: Karl Fogel: "Re: [PATCH] Test cases for deselecting sparse-directories (clean wc)"
Previous message: Lieven Govaerts: "Re: How to build an expected_status to check against unversioned items?"
In reply to: Karl Fogel: "Re: [PATCH] don't store plain-text passwords by default"
Next in thread: Karl Fogel: "Re: [PATCH] don't store plain-text passwords by default"
Reply: Karl Fogel: "Re: [PATCH] don't store plain-text passwords by default"
Reply: Stefan Sperling: "Re: [PATCH] don't store plain-text passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]