On 16 apr 2012, at 16:43, C. Michael Pilato wrote:

> On 04/15/2012 03:45 PM, Thomas Åkesson wrote:
>>> You are correct. Today we have DSO options for GNOME/KDE, and simple
>>> #if-wrapping for Win32 and MacOS. GPG Agent doesn't have the
>>> lib/heavy deps, as the code communicates with the agent not through a
>>> custom API, but directly via socket I/O.
>>>
>>> Not sure what you're envisioning when you say "a new callback".
>>
>> Just want to make sure you are aware of the initiative "Secret Service
>> API" unifying Gnome and KDE. The spec is still a draft but it seems that
>> both implement it.
>>
>> http://standards.freedesktop.org/secret-service/
>
> I was not aware of the initiative, but am happy to learn of it. The sheer
> amount of software replicated between the KDE/Gnome divide is just
> embarrassing.
>
>> How would the hypothetical existence of such a secret storage on Windows
>> impact this Subversion initiative?
>
> If there was a single,
> common-and-commonly-available-across-all-supported-OSes way to do this
> stuff, that'd be fantastic. But Windows isn't the problem area today, so
> I'm not sure that adding yet another way to do secrets on Windows would
> matter much.
Ok, sorry. I reread the wiki articles and the thread from late March. I gather the problem areas are unmaintainable code and OSes where no encrypted storage is available/installed.

> The Secret Service thing would allow us to continue offloading
> responsibility for encryption to third-parties as we do today, though at the
> continued cost of a hybrid storage model (where half of the details we need
> to know to authenticate are cached in ~/.subversion, the other half live
> elsewhere). As such it doesn't allow us to easily pick up and relocate an
> encrypted store to another machine -- but I don't know how interesting that
> feature is to anyone.

Personally, the feature to manually move/copy the encrypted store is definitely useful, but I do consider some other features of the Desktop-integrated storage APIs significantly more value-adding (I mostly use OSX Keychain):

- Unlocking the encrypted storage on login. (would still work, via master passphrase in Keychain/KWallet/Keyring)
- Not a separate passphrase. Changing the password for the OS user account manages the re-encryption.
- Automated password storage replication. OS X with MobileMe (subscription) _had_ this feature. It is sorely missed in iCloud and I am not alone in hoping for its return.
- Relatively intuitive UI to manage cached credentials, including retrieving forgotten ones.

I am afraid OS X users might consider moving away from Keychain a bit of a regression (can't speak for Gnome/KDE users).

Cheers,
/Thomas Å.