Mark Mielke wrote:
> The Windows security model for Subversion satisfies me from a security
> perspective. If a patch to support "in memory" key rings for GNOME
> keyring were to be proposed for Subversion 1.6 and it was small, would
> anybody here have objections to the patch on principle?
Not in principle, but I'm confused. Why would you like to use in-memory
password store on Linux, but are satisfied with the way we store
encrypted passwords to disk on Windows?
[...]
> This sort of problem is often solved from the webpage using "cookies".
> Instead of sending the user + password with each request, a cookie is
> sent back to the client, and the client will send the cookie with
> future requests. The cookie is a standard fixed life time data
> structure that allows server side state to be maintained providing the
> appearance of a "session" to the user. If they logged in 10 minutes
> ago from the same environment, why should they need to login again?
Your definition of "security" must be somewhat different from mine if
you propose to replace per-request authentication with cookies, which
are notoriously susceptible to replay attacks.
[...]
> what level of technology does the US government believe the user
> should be allowed to see?).
You'll have to explain a bit more why you think this community should
cater to corporate interests that find it beneficial to indulge in
big-brother policies according to whatever is the whim-of-the-day of
some government that has no jurisdiction in most places where Subversion
is used. If someone wants such a feature, they can damn well pay premium
consulting fees for a customized Subversion server and keep this
version-control project blissfully ignorant of local politics that do
not concern the rest of us.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-11-02 20:26:31 CET