Re: plaintext passwords - my 0.02c

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-18 17:18:14 CEST

Andy Levy wrote:

> IOW, because one feature of the system can't be trusted (protection
> passwords when using svnserve w/o ssh), the entire system cannot be
> trusted by Paul's management, even though one can use the system
> without even touching said feature.

It was one of my first reactions as well: When I've suggested here it's a
bad policy and should be avoided, some folks have carped "well, if you can't
trust the local machine, what are you doing running a server? noob."

> My snarky comeback to that is that I'll bet these same managers use IE
> with the default ActiveX settings, which is far worse than anything
> Subversion might expose them to.

Heh. But no need for this snark. The developers seem to actually be fixing
this, for which I'm very glad. Fortunately for us, the Subversion core
developers don't just slap patches in willy-nilly: they think about what
they're adding and what it solves, and whether it's worth it, so it takes
them a bit longer. And since Subversion now runs on so very many platforms,
I suspect this will take a bit more testing than a lot of patches.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 18 17:20:51 2006

This message: [ Message body ]
Next message: filo smith: "fs corruption, now back to rev 0"
Previous message: Les Mikesell: "Re: plaintext passwords - my 0.02c"
In reply to: Andy Levy: "Re: plaintext passwords - my 0.02c"
Next in thread: Paul J R: "RE: plaintext passwords - my 0.02c"
Reply: Paul J R: "RE: plaintext passwords - my 0.02c"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]