On Tue, Oct 19, 2010 at 9:46 AM, Stephen Connolly <stephen.alan.conno...@gmail.com> wrote: > Exposing the feature would not in an of itself force the client to use > the keyring, but it would allow the server to have a start-commit hook > that blocked a commit if the user had plaintext password storage > enabled...
Just keep in mind that alerting users with start-commit hook only works for users that actually commit of course. You won't reach users that merely checkout/update/log/blame/... It might be a better solution to implement this check in a lower level, in the ra-protocols (naïvely, e.g. with http(s): client sends with every request a header announcing the way it stores its password). Of course, you'd like to do this without adding too much overhead (handshaking, ... for every tiny request that the client makes to the server). Maybe there is already some functionality present for protocol/feature negotiation, I don't know ... Just my 0.02€ Cheers, -- Johan
