subversion-commits mailing list archives

From Apache subversion Wiki <comm...@subversion.apache.org>
Subject [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato
Date Tue, 03 Jan 2012 16:28:42 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "EncryptedPasswordStorage" page has been changed by CMichaelPilato:
http://wiki.apache.org/subversion/EncryptedPasswordStorage?action=diff&rev1=3&rev2=4

Comment:
Generally describe the existing problem with our offering.

  === GPG Agent ===
  Subversion's 1.8-dev codebase currently offers an integration with GPG Agent, which is yet
another third-party cryptographic service provider.
  
+ == Concerns/Complaints ==
+ Subversion today doesn't force users to employ an encrypted storage mechanism for cached
credentials.  It will at least prompt users before caching a password in plaintext, but if
the answer is "no", then generally no caching happens at all.  There are a number of runtime
configuration gyrations which users can make to toggle related behaviors:  which keychain
services to attempt to use, whether passwords should be stored in plaintext or not ... or
at all, etc.  But enterprise Subversion administrators are looking for something more turn-key.
 Ideally, the decision to store passwords in plaintext should be taken out of the users' hands
altogether (such as is the case in Windows and Mac OS X), but at what cost?  At the cost of
not caching credentials at all?  At the cost of requiring custom-built Unix Subversion client
binaries with hard-coded encryption key "magic"?  At the cost of a hard requirement on one
of the third-party crypto keychain providers?
+ 
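Review bot: In the added "Concerns/Complaints" paragraph, the parenthetical "(such as is the case in Windows and Mac OS X)" does not say what is the case on those platforms, so a reader cannot tell whether plaintext storage is unavailable there or simply never offered to the user; state that in a clause of its own. The sentence about "runtime configuration gyrations" would serve the enterprise administrators it mentions better if it named the specific options it alludes to, and the closing run of "At the cost of ...?" questions would be easier to act on as an explicit list of the tradeoffs under consideration.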
