On Fri, Jul 30, 2010 at 11:55 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote:

> No, it's harsh experience since version 1.2 (when I started helping
> rebuild it and rebundle it for Dag's RPM repository, now RPMforge). The
> UNIX/Linux clients should *never* have been permitted to store
> passwords. That's a genuinely unfortunate legacy from its heritage as

And by the way: my spelling is not usually as bad as this note was. My
RSI is flaring up, probably my own fault.

I'm also harsh about OpenSSH's and SecureCRT's willingness to store
unencrypted passphrases by default. I've had to chase down people
doing so and explain the risks repeatedly, often the same sorts of
programmers and developers whom I've had to explain the risks of
Subversion's plaintext passwords to. The change in Subversion 1.6 to
at least warning users about the passwords was a very positive and
gratifying change, which I don't mean to discard.
