subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: svnserv + ssh + ldap
Date Sat, 31 Jul 2010 12:18:37 GMT
On Fri, Jul 30, 2010 at 11:55 PM, Nico Kadel-Garcia <nkadel@gmail.com> wrote:

> No, it's harsh experience since version 1.2 (when I started helping
> rebuild it and rebundle it for Dag's RPM repository, now RPMfoge). The
> UNIX/Linux clients should *never* have been permitted to store
> passwords. That's a genuinely unfortunate legacy from its heritage as

And by the way: my spelling is not usually as bad as this note was. My
RSI is flaring up, probably my own fault.

I'm also harsh about OpenSSH's and SecureCRT's willingness to store
unencrypted passphrases by default. I've had to chase down people
doing so and explain the risks repeatedly, often the same sorts of
programmers and developers whom I've had to explain the risks of
Subversion's plaintext passwords to. The change in Subversion 1.6 to
at least warning users about the passwords was a very positive and
gratifying change, which I don't mean to discard.

Mime
View raw message