Philip Martin <philip.mar...@wandisco.com> writes: > The KDE behaviour is a potential information leak. A random app can use > the Subversion libraries to query a repo, if it can monitor whether > such a query causes the KDE prompt to appear then it can determine > whether or not the password for the repo is in the wallet. Since GNOME > always prompts no such leak is possible.
Thinking about this a bit further, it's not really a leak at all. The information that is leaking is whether or not 'kwallet' is stored in the .subversion/auth directory for a given repository. But any application that is capable of triggering the leak would also be capable of simply reading the .subversion/auth files. -- uberSVN: Apache Subversion Made Easy http://www.uberSVN.com
