On Wed, 19 Jan 2022 20:08:06 -0600,
Karl Fogel <kfo...@red-bean.com> wrote:

> 2) Disable plaintext passwords in default runtime configuration.
>    Users can re-enable it in their configuration when they want 
>    it.

> But when no safe mechanism is available, then 'svn authn' will 
> print the big warning message

The latter would happen with the default config, right? And the config
setting would just disable the warning? I think it would be
useless/overbearing nagging otherwise.

> Notice that, in practice, users will only be steered to 'svn 
> authn' when there is no safe mechanism available

I'll have to learn about how to use gpg-agent for this, for example.
That might be workable for interactive cases. But I did not miss this
dearly so far. I manage permissions server-side and thus have
effectively machine-passwords for automated cases, and if somebody
captures such, any bad actions are nicely documented on the server.

(And if someone captures my running client's login session, as opposed
to an encrypted backup, the safe password store is also lying open to
any intruder.)

A more interesting feature for long-term security of sensitive
repository contents would be commit signing (easily added using
properties?) that enables for example a cryptographic check of the
complete history of code used in a CI/CD pipeline.

You still would have your automated commits with those stored
passwords, but they won't have signatures. Then, it would be a nice
feature to be able to review/sign those afterwards.

But back on topic: Yes, please make use of simple password storage
usable for everyone again. The use cases are real.


Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg
