[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: Fri, 18 Apr 2008 11:13:53 +0200

On Fri, Apr 18, 2008 at 9:29 AM, Mark Reibert <svn_at_reibert.com> wrote:
> >From an outsider's perspective, changing the default to not store the
> passwords seems like a bit of a six in one, half dozen in the other
> proposition. While I appreciate Karl's position that user's may think
> about what they are doing more, I think Greg's comment that it "won't
> change any realities" is likely very true.
> As soon as this patch gets implemented I will tell svn to store my
> passwords. I suspect I am not in the minority in this.

Yup - this is why, IMO, we should be advocating *truly* secure
mechanisms and not faux security. If we make too big a deal out of
this - given that Mac OS X and Windows users aren't affected, it'll
just confuse folks even more. If, say, Ubuntu comes with
gnome-keyring (dunno - prolly), then I'm willing to bet the clear
majority of users are already using acceptable security mechanisms.
-- justin

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-18 11:14:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.