[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: plaintext passwords - my 0.02c

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-18 17:18:14 CEST

Andy Levy wrote:

> IOW, because one feature of the system can't be trusted (protection
> passwords when using svnserve w/o ssh), the entire system cannot be
> trusted by Paul's management, even though one can use the system
> without even touching said feature.

It was one of my first reactions as well: When I've suggested here it's a
bad policy and should be avoided, some folks have carped "well, if you can't
trust the local machine, what are you doing running a server? noob."

> My snarky comeback to that is that I'll bet these same managers use IE
> with the default ActiveX settings, which is far worse than anything
> Subversion might expose them to.

Heh. But no need for this snark. The developers seem to actually be fixing
this, for which I'm very glad. Fortunately for us, the Subversion core
developers don't just slap patches in willy-nilly: they think about what
they're adding and what it solves, and whether it's worth it, so it takes
them a bit longer. And since Subversion now runs on so very many platforms,
I suspect this will take a bit more testing than a lot of patches.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 18 17:20:51 2006

This is an archived mail posted to the Subversion Users mailing list.