On Aug 23, 2009, at 12:08, Nico Kadel-Garcia wrote:
> On Sat, Aug 22, 2009 at 3:22 PM, Sam Carleton wrote:
>> I need to setup a whole new repository:
>> https://<domain>/repos/<something new>
>> What are the commands to do that?
> The command is "don't". The handling of HTTP or HTTPS passwords by
> storing them as clear-text in $HOME/.subversion/auth/ is such an
> amazingly poor design decision that such access should only be used
> for repository browsing of anonymous repositories, and write access
> via HTTPS should be replaced with svn+ssh wherever feasible.
I see you have some strong feelings against https and for svn+ssh.
Four days ago, Andrey Repin posted his strong feelings against svn
+ssh and for https:
There are advantages and disadvantages to each of the available ways
to serve a repository, so let's assume that Sam has already evaluated
them and decided that he wants to use https.
For the record, Subversion does not store clear-text passwords in
$HOME/.subversion/auth anymore if possible. As of Subversion 1.2, on
Windows 2000 or greater, stored passwords are encrypted . As of
Subversion 1.4, on Mac OS X, passwords are stored in the Keychain
. And as of Subversion 1.6, on UNIX-like systems, KWallet and
GNOME Keyring can be used, and if all of these methods are not enough
and a password still cannot be stored in a secure way, then a big
warning is now printed .
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-23 22:04:05 CEST