[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: A strong WTF on compiling out plaintext password support by default?!

From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 7 Aug 2020 10:39:32 +0200

On Thu, Aug 06, 2020 at 06:56:55PM -0700, Robby Zinchak wrote:
> 2) Compiling my own subversion with the enable-plaintext-password-storage
> flag -- obviously insecure since there's no way I'll be able to keep up
> with software updates. And I've heard it's quite difficult to compile
> subversion, so that'll waste precious time I could be spending on something
> else that's actually productive for my business.
>
> 3) Finding an ubuntu package overlay by a third party, questionably
> insecure since now I have to trust an unofficial/unvetted third party with
> providing svn builds.
>
> 4) Bite the bullet and just switch to another VCS

5) Convince Ubuntu packagers to enable this feature.

Package maintainers can very easily re-enable this at compile-time.
It's a single extra flag to pass to during the 'configure' step.
I did exactly this on OpenBSD last year (commit shown below).

The real problem is that whatever Subversion's upstream default is, one
group of people is going to be unhappy. Everybody seems to expect their
own use case to work out of the box, failing to recognize that contradictory
requirements exist. There really isn't a one-size fits all solution to this.
We provide all the options, but packagers need to choose and take the necessary
steps to get the behaviour they want to provide to their users.

A recent example in a related project (TortoiseSVN) where people want the
exact opposite of what you want:
https://groups.google.com/forum/#!topic/tortoisesvn/V3rLLYZgeRA
In this case, the problem is that allowing people to easily sniff passwords
is considered a big no-no in a particular deployment, and means SVN might
get banned there. The behaviour was not changed; it is TortoiseSVN's choice
as the packager of these particular SVN binaries, and this needs to be
respected.

Do you know if Ubuntu made a decision to disallow plaintext passwords?
Perhaps they just missed the news that it has become a compile-time option?

Regards,
Stefan

https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/devel/subversion/Makefile
CVSROOT: /cvs
Module name: ports
Changes by: stsp_at_cvs.openbsd.org 2019/12/19 12:43:14

Modified files:
        devel/subversion: Makefile

Log message:
Re-enable support for storing plaintext passwords in Subversion.

Subversion has disabled saving of plaintext passwords by default
and a compile-time option is now required to enable this feature.
OpenBSD has always disabled this feature at run-time in /etc/subversion
and left users the choice to enable it in their configuration files.

Unfortunately, the alternative password stores, gnome-keyring and
KDE wallet, do not work in non-X11 environments. And the gpg-agent
password store is not persistent. So there is no better solution
for unattended SVN password authentication in non-X11 environments
on OpenBSD, or pretty much any UNIX-like system for that matter.

ok sthen@
Received on 2020-08-07 10:40:20 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.