[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r30723 - in branches/dont-save-plaintext-passwords-by-default: . subversion/include subversion/libsvn_subr subversion/svn

From: Travis <svn_at_castle.fastmail.fm>
Date: Tue, 22 Apr 2008 09:16:08 -0500

On Apr 22, 2008, at 4:41 AM, Stefan Sperling wrote:
> On Mon, Apr 21, 2008 at 10:50:25PM +0200, Stefan Sperling wrote:
>> On Mon, Apr 21, 2008 at 10:44:19AM -0700, David Glasser wrote:
>>> On Mon, Apr 21, 2008 at 6:31 AM, C. Michael Pilato
>>> <cmpilato_at_collab.net> wrote:
>>>> Stefan Sperling wrote:
>>>>> On Sun, Apr 20, 2008 at 04:42:56PM -0700, David Glasser wrote:
>>>>>> Hmm, why not just have the "global" servers section be the normal
>>>>>> place to configure this? Why use the other config file at all?
>>>>> Because most users will look at the 'config' file first, I guess.
>>>>> Also, there, it's right next to 'store-passwords'.
>>>>> The docstrings reference each other, so I think it's sorta OK...
>>>>> The other idea I had was to have the option be valid in both
>>>>> the config file and the servers file [global] section, and
>>>>> have svn print a warning when the two disagree and fall back
>>>>> to 'prompt'. But I discarded that as overkill.
>>>> That we ever had the store-passwords option in the 'config'
>>>> file instead of
>>>> in the 'servers' file (bound to RA-related things) might have
>>>> been a
>>>> mistake. Let's evaluate the correct location for this new
>>>> option without
>>>> concern for the dubious decisions of the past.
>>> +1
>> Right, so if we stored 'store-plaintext-passwords' in 'servers' only,
>> we should also move 'store-passwords' and 'store-auth-creds' to
>> 'servers'.
>> That is, the whole [auth] section of the 'config' file will go to the
>> 'servers' file, with a comment in 'config' informing users about
>> the move.
>> Agreed?
> ...
> Does anyone oppose moving the whole [auth] section from 'config' to
> 'servers' for consistency?

Yay, please do. Having it in 'config' always struck me as wrong
because there's no reason I necessarily want to have the same
settings when accessing all servers. I might want to prevent store-
auth-creds for some specific servers (high security, very infrequent
use) but allow it for my workaday projects (it's almost impossible to
do without when using the command-line client).

Also, simply looking for the settings, it's more natural to look in
'server' for the [auth] settings since those are all about
credentials for communication with a given server, like the http-
proxy-* and ssl* settings. For my apache/dav served repositories,
the repository itself has no authentication/authorization information.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-22 16:36:27 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.