On 20 Jan 2022, Dr. Thomas Orgis wrote:
Am Wed, 19 Jan 2022 20:08:06 -0600
schrieb Karl Fogel <kfo...@red-bean.com>:
2) Disable plaintext passwords in default runtime configuration. Users can re-enable it in their configuration when they want it.

But when no safe mechanism is available, then 'svn authn' will print the big warning message

The latter would happen with the default config, right? And the config
setting would just disable the warning? I think it would be
useless/overbearing nagging otherwise.

No, actually I was thinking one would have to *also* enable plaintext-passwords in the config.

If it's not enabled in run-time config, then 'svn authn' would first let the user know that she would have to enable it in run-time config. Once she has done so, 'svn authn' would then actually be able to store plaintext passwords.

The regular svn command that led to 'svn authn' could also make the same point -- when recommending 'svn authn', it could also point out that run-time config would need to change before plaintext passwords are possible.

(Open to discussion on all the above; I'm just clarifying what I meant in my original post.)

But back on topic: Yes, please make use of simple password storage
usable for everyone again. The use cases are real.

Glad you agree!

Best regards,
-Karl

Reply via email to