On 04/16/2012 09:53 PM, Thomas Åkesson wrote:
>> Yeah, I hear you about the OS X user point of view. At this point, I'm
>> fairly convinced that for Windows and OS X, the use-master-password feature
>> will be less frequently used. (It will be off by default on all OSes.)
>
> AFAIK, both Kwallet and Gnome Keyring require a graphical desktop and to
> a large extent lack command line tools. Is that kind of the core problem
> here?

That is certainly part of the problem. I was able to figure out how to get
GNOME Keyring working in a non-GUI environment, and CollabNet provides some
command-line tooling for that agent, too, but users would really prefer that
stuff just work out of the box.

> I would like to see a non-graphical implementation of the Secret Service
> API with a solid CLI. That would merit a project in itself, separate from
> Subversion (e.g. Apache Keywhatever). It seems like Dbus can be used
> either with a daemon or more light-weight with just libdbus. Are there
> any OSes with a pressing need for Subversion password storage that do not
> have libdbus?

I'm not aware of any -- I mean, I assume the *BSDs all have libdbus support.

> Alternatively, if there is a determination to implement encrypted storage
> within the Subversion project, how about basing that "module" on the
> Secret Service API, with or without libdbus?
> - All Subversion's requests for secrets done with the same API,
> untangling the code.
> - Internally stored secrets are just returned by the module
> (non-graphical POSIX-systems and potentially Windows).
> - Secrets stored in Gnome Keyring/Kwallet are requested using their
> Secret Service implementation, which is simply relaying the API calls.
> - Keychain is wrapped by the module. Not sure how difficult it is to map
> Keychain and the Secret Service API, but it would be a bit surprising if
> it turns out to be impossible.

In theory, I'm okay with this. Where is Secret Service today in terms of
implementation, real-world usage, etc? Are you volunteering to join the
coding effort?

--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2012-04-17 21:26:42 CEST