On 10. 3. 26 18:19, Timofei Zhakov wrote:
On Tue, Mar 10, 2026 at 5:19 PM Johan Corveleyn<[email protected]> wrote:
Not looking for any action per se, but I thought I'd highlight again
that, apart from "pristines-on-demand" and other nice features and
improvements, we'll also be bringing back plaintext password caching
support on unix-like systems in 1.15.0 (previously disabled at compile
time).
As explained in [1]: "In Subversion 1.12 through 1.14, write access to
the Plaintext cache was disabled by default at compile-time. [...]
Unfortunately, this has caused a variety of problems for users,
especially when using the svn client in unattended processes such as
CI systems, or on remote machines through ssh [...] Based on the
feedback received, Subversion 1.15 inverts the default. [...] Sites
that wish to eliminate this possibility can do [... compile-time
disable flag; set up encrypted stores such as GNOME Keyring or KWallet
]"
I'm highlighting it because it might be a little contentious /
surprising, and perhaps it has been forgotten a bit because the
discussions took place years ago [2]. To reiterate, I don't think
anything special is needed, but if anyone now gets an eerie feeling
that we probably should do something more about it (e.g. introduce a
simple obfuscator for those plaintext pwd's or whatever), "speak now
or forever hold your peace" ;-)
[1]https://subversion-staging.apache.org/docs/release-notes/1.15.html#plaintext-passwords-supported
[2]https://lists.apache.org/thread/b6g2hx2m3s117wcmno08opl874ons3q8
https://lists.apache.org/thread/p2vn6foj8qz3lfvdl70bs62vg5krcgr7
https://lists.apache.org/thread/4skymgjtwozjl8gd9m14jnkqq1wf77bo
--
Johan
I wouldn't consider myself an expert in this topic, but I think there
should be a way to at least force a plaintext store. I could imagine
adding for example `svn something --allow-plaintext-passwords`.
I used to run into this problem myself and ended up running a script
<./tools/client-side/store-plaintext-password.py> that basically does
the job.
We have configuration files and --config-option, so that's covered. It
should be fine to enable plaintext passwords during compilation and
disable them in the default configuration.
I think any kind of non-cryptographically secure password obfuscation
gives a false sense of security. In this case it might be better to
explicitly show "hey your passwords are here and anyone can steal
them".
Yes, that was the reasoning behind our stubbornly refusing to add
useless obfuscation despite years of misguided feature requests.
-- Brane
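As an added illustration of the "hey, your passwords are here and anyone can steal them" check discussed in this thread (this is example code written for this page, not Subversion project code and not part of the thread), the script below parses the entries in an svn.simple auth cache directory and reports which ones hold a plaintext password. It assumes the cache files use svn's hash dump format ("K <len>", key, "V <len>", value, ..., "END") with the keys svn:realmstring, username, passtype and, for passtype = simple, password; the two sample entries, their realms, user names and hex file names are constructed.

```python
"""Audit an svn.simple auth cache directory for plaintext passwords.

Added example, not Subversion project code. Assumes the files under
~/.subversion/auth/svn.simple/ use svn's hash dump format
("K <len>\\n<key>\\nV <len>\\n<value>\\n" ... "END\\n") with the keys
svn:realmstring, username, passtype and, for passtype=simple, password.
"""
from pathlib import Path
import tempfile


def parse_svn_hash(data: bytes) -> dict:
    """Parse svn's hash dump format. Lengths are byte counts, so a value
    containing a newline survives; that is why this works on bytes."""
    entries = {}
    pos = 0
    while True:
        nl = data.index(b"\n", pos)
        line, pos = data[pos:nl], nl + 1
        if line == b"END":
            return entries
        if not line.startswith(b"K "):
            raise ValueError("expected 'K <len>' at offset %d" % (nl - len(line)))
        klen = int(line[2:])
        key, pos = data[pos:pos + klen], pos + klen + 1      # +1 skips "\n"
        nl = data.index(b"\n", pos)
        vline, pos = data[pos:nl], nl + 1
        if not vline.startswith(b"V "):
            raise ValueError("expected 'V <len>' for key %r" % key)
        vlen = int(vline[2:])
        value, pos = data[pos:pos + vlen], pos + vlen + 1
        entries[key.decode("utf-8")] = value.decode("utf-8")


def dump_svn_hash(entries: dict) -> bytes:
    """Inverse of parse_svn_hash; used here only to build constructed samples."""
    out = bytearray()
    for k, v in entries.items():
        kb, vb = k.encode("utf-8"), v.encode("utf-8")
        out += b"K %d\n%s\nV %d\n%s\n" % (len(kb), kb, len(vb), vb)
    out += b"END\n"
    return bytes(out)


def classify(entry: dict) -> str:
    """Plaintext means passtype=simple with a password field on disk.
    Other passtypes (gnome-keyring, kwallet, gpg-agent, ...) keep the
    secret in an external store and leave only a pointer here."""
    passtype = entry.get("passtype")
    if passtype == "simple" and "password" in entry:
        return "PLAINTEXT"
    if passtype:
        return "external store: " + passtype
    return "no password cached"


def audit_dir(cache_dir) -> list:
    """Return (filename, realm, username, status) for every cache file."""
    report = []
    for path in sorted(Path(cache_dir).iterdir()):
        if not path.is_file():
            continue
        try:
            entry = parse_svn_hash(path.read_bytes())
        except (ValueError, UnicodeDecodeError) as exc:
            report.append((path.name, "?", "?", "unparsable: %s" % exc))
            continue
        report.append((path.name, entry.get("svn:realmstring", "?"),
                       entry.get("username", "?"), classify(entry)))
    return report


# Constructed sample entries (not real credentials). The hex file names
# mimic svn's hash-of-realm naming but are made up for this example.
SAMPLE_ENTRIES = {
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0": {
        "svn:realmstring": "<https://svn.example.test:443> Example Repo",
        "username": "alice",
        "passtype": "simple",
        "password": "hunter2",
    },
    "f0e1d2c3b4a5968778695a4b3c2d1e0f": {
        "svn:realmstring": "<https://svn.example.test:443> Other Repo",
        "username": "bob",
        "passtype": "gnome-keyring",
    },
}


def demo() -> list:
    """Write the constructed samples to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, entry in SAMPLE_ENTRIES.items():
            (Path(tmp) / name).write_bytes(dump_svn_hash(entry))
        return audit_dir(tmp)


if __name__ == "__main__":
    # Real use: audit_dir(Path.home() / ".subversion/auth/svn.simple")
    for name, realm, user, status in demo():
        print("%s  %s  %s  %s" % (status.ljust(24), user, realm, name))
```

Point audit_dir at ~/.subversion/auth/svn.simple (or the auth directory a CI runner's HOME resolves to) to see which realms have a password sitting on disk in the clear. To keep svn from writing such entries on a host at all, the [global] section of the servers file accepts store-plaintext-passwords = no (or pass --config-option servers:global:store-plaintext-passwords=no on the command line), and password-stores in the [auth] section of the config file selects an encrypted backend such as gnome-keyring or kwallet.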