Hi, Could we make the svn password encrypted by default by setting the ./subversion/servers entry 'store-plaintext-passwords' to 'no'?
Currently, setting up password encryption requires digging through the docs, and it's tempting, especially for casual users, to avoid that effort by storing the password in clear text. Whilst people shouldn't do that, there is just so much software and so little time, and all too often, 'I'll do that later' never happens. Even if the user sets up password encryption, the previously created clear text password will sit around until they realise this problem and find and delete that file. I think that making passwords encrypted by default and requiring work to be 'unsafe' is a good solution here. Or maybe, the ability to store clear text passwords ought to be removed all together. Also, it might be an idea that once the password for a particular user is changed from clear text to encrypted, that the corresponding clear text file is automatically removed; and that people who upgrade their svn and still use a clear text passwords are prompted with the offer of an automatic fix that encrypts their current clear text passwords, and then removes the old clear text files, but gives them a chance of making a note in case they long forgotten their passwords. What do you think? regards, Gabriela -- Visit my Coding Diary: http://gabriela-gibson.blogspot.com/
