Author: hartmannathan
Date: Thu Apr 27 13:27:41 2023
New Revision: 1909457

In site/staging: Document r1909351 (plaintext cache supported by default)

* site/staging/docs/release-notes/1.15.html:
  (#plaintext-passwords-supported): New subsection.

Reviewed by: jcorvel (without HTML markup)


Modified: subversion/site/staging/docs/release-notes/1.15.html
--- subversion/site/staging/docs/release-notes/1.15.html (original)
+++ subversion/site/staging/docs/release-notes/1.15.html Thu Apr 27 13:27:41 
@@ -429,6 +429,67 @@ performance and reduced storage-level I/
      title="Link to this section">&para;</a>
+<div class="h4" id="plaintext-passwords-supported">
+<h4>Plaintext credential cache is supported by default on Unix-like systems
+  <a class="sectionlink" href="#plaintext-passwords-supported"
+     title="Link to this section">&para;</a>
+<p>Subversion supports several credential caches to prevent re-typing
+usernames and passwords repeatedly. Which credential cache(s) are used depends
+on the operating system, compile-time options, and the user's runtime
+configuration. On Windows and macOS, Subversion uses OS facilities to save
+passwords in encrypted form. Unix-like operating systems do not have a single
+standard facility to do this&semi; on these systems, Subversion supports up to
+four credential caches: GNOME Keyring, KWallet, GPG Agent, and (as a fallback)
+the Plaintext cache.</p>
+<p>The rest of this section discusses the Plaintext cache and is applicable
+only to Subversion clients running on Unix-like operating systems.</p>
+<p>In Subversion 1.12 through 1.14, write access to the Plaintext cache was
+disabled by default at <em>compile-time</em>. Binaries compiled in the default
+configuration could not store new plaintext credentials, but would continue to
+use any that were already stored. Users and binary packagers could explicitly
+enable write access to the Plaintext cache by compiling Subversion with the
+<tt>--enable-plaintext-password-storage</tt> option to <tt>configure</tt>.
+(See <a href="";>r1845377</a>.)</p>
+<p>Unfortunately, this has caused a variety of problems for users, especially
+when using the svn client in unattended processes such as CI systems, or on
+remote machines through ssh (a GUI password prompt would display on the remote
+machine, inaccessible to the ssh user). Users reported that they had to employ
+workarounds that caused passwords to be stored in plaintext anyway, or refused
+to upgrade their Subversion installations to these releases. Some binary
+packagers built with <tt>--enable-plaintext-password-storage</tt> while others
+didn't, creating inconsistent experiences within the same release lines.</p>
+<p>Based on the feedback received, Subversion 1.15 inverts the default. (See
+<a href="";>r1909351</a>.) Binaries compiled in
+the default configuration can once again store new plaintext credentials
+(after warning and asking the user). Sites that wish to eliminate this
+possibility can do one or both of the following:</p>
+<li>Compile Subversion with the <tt>--disable-plaintext-password-storage</tt>
+    option to <tt>configure</tt> or install a binary package that was compiled
+    this way. Be aware that users can circumvent this by compiling or
+    installing their own Subversion binaries and/or by creating a plaintext
+    cache manually.</li>
+<li>Allow encrypted stores like GNOME Keyring and KWallet, but not the
+    Plaintext cache, by setting <tt>store-plaintext-passwords = no</tt> in
+    Subversion's run-time config settings. See the per user files at
+    <tt>~/.subversion/config</tt> and <tt>~/.subversion/servers</tt>, and the
+    systemwide files at <tt>/etc/subversion/config</tt> and
+    <tt>/etc/subversion/servers</tt>.</li>
+<p>For more on plaintext credentials, see the <a
+>FAQ entry.</a></p>
+</div> <!-- plaintext-passwords-supported -->
 </div> <!-- client-server-improvements -->
 </div>  <!-- enhancements -->
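Review bot: the second list item ("Allow encrypted stores like GNOME Keyring and KWallet ...") lists four files, ~/.subversion/config, ~/.subversion/servers and the two under /etc/subversion, but does not say which file or which section takes store-plaintext-passwords = no. An administrator applying this as a hardening step needs that stated next to the option, so name the file and section explicitly. On markup, as the hunk reads here: the two <li> elements have no enclosing <ul>, the <h4> is not closed before the first <p>, the r1845377 and r1909351 links carry an empty href followed by a stray semicolon, and the "FAQ entry" anchor has no href at all. Please check the committed file for these before the staging page is published.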
