Daniel Shahaf <danielsh_at_elego.de> writes:
> Philip Martin wrote on Fri, Feb 03, 2012 at 10:02:06 +0000:
>> Julian Foad <julianfoad_at_btopenworld.com> writes:
>>
>> > * Brings kwallet to the same behaviour as Gnome keyring.
>>
>> I've realised there is another difference in the current behaviour. The
>> way auth works is that Subversion records whether a particular provider
>> was used to store a particular password. The KDE provider will only
>> prompt to open the wallet when the auth data indicates that KDE was used
>> to store a particular password. The GNOME provider prompts to unlock the
>> keyring whenever any password is requested, before checking the auth
>> data to see if this particular password was stored in the keyring.
>>
>> I don't see any advantage to the GNOME behaviour, it looks more like a
>> bug than a feature.
>
> That behaviour is defensible. "Why should any random app I run know
> what passwords my keyring stores?"
>
> Compare how Subversion does not disclose the names of directories one
> doesn't have read access to.
Subversion does send the top-level names of trees that are excluded.
Even without that I'm not sure I understand. The user can also try
arbitrary names and get "access denied"; that would be similar to the
user trying arbitrary URLs to see whether it caused the keyring to be
unlocked.
--
uberSVN: Apache Subversion Made Easy
http://www.uberSVN.com
Received on 2012-02-03 11:39:37 CET