[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to create a new repository

From: Ryan Schmidt <subversion-2009b_at_ryandesign.com>
Date: Sun, 23 Aug 2009 15:03:06 -0500

On Aug 23, 2009, at 12:08, Nico Kadel-Garcia wrote:

> On Sat, Aug 22, 2009 at 3:22 PM, Sam Carleton wrote:
>> I need to setup a whole new repository:
>> https://<domain>/repos/<something new>
>> What are the commands to do that?
> The command is "don't". The handling of HTTP or HTTPS passwords by
> storing them as clear-text in $HOME/.subversion/auth/ is such an
> amazingly poor design decision that such access should only be used
> for repository browsing of anonymous repositories, and write access
> via HTTPS should be replaced with svn+ssh wherever feasible.

I see you have some strong feelings against https and for svn+ssh.
Four days ago, Andrey Repin posted his strong feelings against svn
+ssh and for https:


There are advantages and disadvantages to each of the available ways
to serve a repository, so let's assume that Sam has already evaluated
them and decided that he wants to use https.

For the record, Subversion does not store clear-text passwords in
$HOME/.subversion/auth anymore if possible. As of Subversion 1.2, on
Windows 2000 or greater, stored passwords are encrypted [1]. As of
Subversion 1.4, on Mac OS X, passwords are stored in the Keychain
[2]. And as of Subversion 1.6, on UNIX-like systems, KWallet and
GNOME Keyring can be used, and if all of these methods are not enough
and a password still cannot be stored in a secure way, then a big
warning is now printed [3].

[1] http://subversion.tigris.org/svn_1.2_releasenotes.html#win32-

[2] http://subversion.tigris.org/svn_1.4_releasenotes.html#keychain

[3] http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-23 22:04:05 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.