[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato

From: Daniel Shahaf <danielsh_at_elego.de>
Date: Thu, 5 Jan 2012 03:16:16 +0200

Stefan Sperling wrote on Tue, Jan 03, 2012 at 23:27:33 +0100:
> On Tue, Jan 03, 2012 at 04:19:29PM -0000, Apache subversion Wiki wrote:
> > + === GPG Agent ===
> > + Subversion's 1.8-dev codebase currently offers an integration with GPG Agent, which is yet another third-party cryptographic service provider.
> > +
>
> Even though this auth provider has "GPG" in its name, there is no crypto
> involved. It is merely an in-memory cache of the password, in plaintext.
> The only advantage is that the password is not written to disk.
> See the "SECURITY CONSIDERATIONS" comment added in this commit:
> http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?r1=1151053&r2=1151069

I've added the magic number URL to docs/release-notes/1.8.html.
Received on 2012-01-05 02:17:03 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.