On 16 apr 2012, at 20:05, "C. Michael Pilato" <cmpil...@collab.net> wrote:
> On 04/16/2012 12:33 PM, Thomas Åkesson wrote:
>> Personally, the feature to manually move/copy the encrypted store is
>> definitely useful, but I do consider some other features of the
>> Desktop-integrated storage APIs significantly more value-adding (I mostly
>> use OSX Keychain):
>>
>> - Unlocking the encrypted storage on login. (would still work, via master
>> passphrase in Keychain/KWallet/Keyring)
>> - Not a separate passphrase. Changing password for the OS user account
>> manages the re-encryption.
>> - Automated password storage replication. OS X with MobileMe (subscription)
>> _had_ this feature. It is sorely missed in iCloud and I am not alone in
>> hoping for its return.
>> - Relatively intuitive UI to manage cached credentials, including retrieving
>> forgotten ones.
>>
>> I am afraid OS X users might consider moving away from Keychain a bit of a
>> regression (can't speak for Gnome/KDE users).
>
> Yeah, I hear you about the OS X user point of view. At this point, I'm
> fairly convinced that for Windows and OS X, the use-master-password feature
> will be less frequently used. (It will be off by default on all OSes.)

AFAIK, both KWallet and Gnome Keyring require a graphical desktop and to a large extent lack command line tools. Is that kind of the core problem here?

I would like to see a non-graphical implementation of the Secret Service API with a solid CLI. That would merit a project in itself, separate from Subversion (e.g. Apache Keywhatever). It seems like D-Bus can be used either with a daemon or more light-weight with just libdbus. Are there any OSes with a pressing need for Subversion password storage that do not have libdbus?

Alternatively, if there is a determination to implement encrypted storage within the Subversion project, how about basing that "module" on the Secret Service API, with or without libdbus?

- All Subversion's requests for secrets done with the same API, untangling the code.
- Internally stored secrets are just returned by the module (non-graphical POSIX-systems and potentially Windows).
- Secrets stored in Gnome Keyring/KWallet are requested using their Secret Service implementation, which is simply relaying the API calls.
- Keychain is wrapped by the module. Not sure how difficult it is to map Keychain and the Secret Service API, but it would be a bit surprising if it turns out to be impossible.