subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?
Date Sat, 20 Jul 2019 13:50:33 GMT
On Sat, 20 Jul 2019, 11:51 Stefan Sperling, <stsp@elego.de> wrote:

>
> But as a user I find it infuriating when software I use contains
> artificial restrictions like this.



We recently disabled plaintext password storage (by default) in the build
configuration, making it effectively unavailable to users who don't build
from source. The rationale for that decision was the same as for not
permanently trusting certs with unknown failures.


We should assume our users know
> what they are doing. Subversion

is not a web browser.
>


I will refrain from spelling out the snide remark that immediately comes to
mind. :)

What we *should* do is use any platform APIs available for cert validation,
as I already mentioned on the other thread in my response to Evgeny's
commit. One might wish that OpenSSL through Serf took care of that, but
unfortunately it does not, so it's up to us. Given the growing popularity
of Let's Encrypt's server certs with 3 months validity, the potential for
user infuriation may be growing quite quickly.

-- Brane

>

Mime
View raw message