Justin Erenkrantz wrote:
> On Fri, Apr 18, 2008 at 9:29 AM, Mark Reibert <svn_at_reibert.com> wrote:
>
>> >From an outsider's perspective, changing the default to not store the
>> passwords seems like a bit of a six in one, half dozen in the other
>> proposition. While I appreciate Karl's position that user's may think
>> about what they are doing more, I think Greg's comment that it "won't
>> change any realities" is likely very true.
>>
>> As soon as this patch gets implemented I will tell svn to store my
>> passwords. I suspect I am not in the minority in this.
>>
>
> Yup - this is why, IMO, we should be advocating *truly* secure
> mechanisms and not faux security.
Doesn't that sort of imply not storing plaintext passwords at all?
Personally that wouldn't worry me one bit; most of our users probably
don't use one of the "afflicted" systems, after all.
> If we make too big a deal out of
> this - given that Mac OS X and Windows users aren't affected,
Ehm, AFAIK we're still royally borked on all systems when it comes to
storing certs and/or cert passwords?
> it'll
> just confuse folks even more. If, say, Ubuntu comes with
> gnome-keyring (dunno - prolly), then I'm willing to bet the clear
> majority of users are already using acceptable security mechanisms.
> -- justin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-18 21:44:00 CEST