> Putting a CVS password in the environment makes it available with no
> encryption at all to anyone who can run the ``ps'' command.

When accessing public repositories, there's no need to protect the
password.  My note didn't make that clear enough, sorry.

>  What's
> wrong with doing an interactive ``cvs login'' as the user the script is
> going to run as so the password is stored in ~/.cvspass?

I'd rather not muck with the (sic) encryption. I know I can login once,
and cut-and-paste the entry into the script-runner's passfile, but that's
more than a little bit hokey.

Come to think of it, isn't it time to bite the bullet and just get rid of
the password transliteration?  It only provides a false sense of security;
once you can read the .cvspass file, you can get the passwords.  How about
adding something like this near the top of descramble():
        if (str[0] == 'B')
                return xstrdup (str+1);
Perhaps P for plaintext? I would then change scramble to output the B method.

I mean this seriously.
        /r$
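
An added example, not part of the original message or of CVS: since the scrambling protects nothing once the file can be read, file permissions are the only real control, and this sketch audits them and lists stored entries without echoing the secrets. The function names and sample data are hypothetical, and the line format (`[/1 ]<cvsroot> <method letter><scrambled password>`) is an assumption about how .cvspass is laid out.

```python
import os
import stat
import tempfile

def audit_cvspass(path):
    """Return a list of findings for one .cvspass file; never echoes secrets."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o: readable or writable beyond the owner" % mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line:
                continue
            if line.startswith("/1 "):      # assumed newer-format version prefix
                line = line[3:]
            root, sep, secret = line.partition(" ")
            if not sep or not secret:
                findings.append("line %d: unparseable entry" % lineno)
                continue
            # The first character is the scramble method letter ('A' today).
            findings.append("line %d: %s stores a recoverable password (method %r)"
                            % (lineno, root, secret[0]))
    return findings

def demo():
    """Audit a constructed passfile (hosts, users and secrets are made up)."""
    sample = ("/1 :pserver:anonymous@cvs.example.org:2401/cvsroot A\n"
              ":pserver:builder@cvs.example.org:/src Axxxxxxxx\n"
              "garbage-without-secret\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".cvspass")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)               # world-readable: should be flagged
        loose = audit_cvspass(path)
        os.chmod(path, 0o600)               # owner-only: no mode finding
        tight = audit_cvspass(path)
    return loose, tight

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```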
