On Tue, Jan 04, 2011 at 09:25:11PM -0500, Nico Kadel-Garcia wrote: > This is a very large and longstanding issue for me and others, and has > led to clients of mine rejecting Subversion outright. And it looks > like a legacy of Subversion's re-implementation of CVS, described as > "CVS done right". CVS security was even worse.
Whenever you bring this up (and you do that *a lot*), you always gloss over improvements made since. Namely the default behaviour of asking the user for consent before saving a password in plaintext, and the addition of gnome-keyring and kwallet password stores with encryption. Note that the gpg-agent branch will also get another chance after all. And yes, I know that none of these apply to RHEL4 systems your clients are using, but that's beside the point. I'd be glad if you mentioned these improvements when telling others about this misfeature (yes, I also think it was wrong, but there was no better alternative at the time), at least somewhere in the fine print. Otherwise you make it sound as if the project didn't care, which isn't true. Thanks, Stefan
