Re: svnserv + ssh + ldap

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 31 Jul 2010 08:18:37 -0400

On Fri, Jul 30, 2010 at 11:55 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:

> No, it's harsh experience since version 1.2 (when I started helping
> rebuild it and rebundle it for Dag's RPM repository, now RPMfoge). The
> UNIX/Linux clients should *never* have been permitted to store
> passwords. That's a genuinely unfortunate legacy from its heritage as

And by the way: my spelling is not usually as bad as this note was. My
RSI is flaring up, probably my own fault.

I'm also harsh about OpenSSH's and SecureCRT's willingness to store
unencrypted passphrases by default. I've had to chase down people
doing so and explain the risks repeatedly, often the same sorts of
programmers and developers whom I've had to explain the risks of
Subversion's plaintext passwords to. The change in Subversion 1.6 to
at least warning users about the passwords was a very positive and
gratifying change, which I don't mean to discard.
Received on 2010-07-31 14:19:16 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: svnserv + ssh + ldap"
Previous message: west alto: "Re: Possible corruption?"
In reply to: Nico Kadel-Garcia: "Re: svnserv + ssh + ldap"
Next in thread: Stefan Sperling: "Re: svnserv + ssh + ldap"
Reply: Stefan Sperling: "Re: svnserv + ssh + ldap"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]