Marc Schoechlin <ms_at_256bit.org> writes:
> we are using subversion for administration purposes and we really
> dislike that subversion stores password as default.
>
> From my point of view storing of passwords per default is not a good
> idea because:
>
> * unix systems are often shared environments
> (subversion cleartext passwords can be abused on other services
> with the same passwords)
> * new subversion users do not expect that their password is stored
> in readable format in the filesystem
> * system administrators cannot be sure that their users don´t forget
> * to disable password storing by executing:
> ---
> svn info && echo 'store-passwords = no' >> ~/.subversion/config
> ---
> => this is especially important if you use subversion on shared
> accounts like "root" (for system administration purposes)
> * it´s a good idea to make "more secure" settings to be default
>
> Therefore i think it is a good idea to disable password storing as
> default or to prompt the user for storing passwords.
>
> What do you think about this ?
This will be fixed in Subversion 1.6. See
http://svn.collab.net/viewvc/svn?view=rev&revision=31046
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-05 18:10:42 CEST