On 20 Jan 2022, Dr. Thomas Orgis wrote:
Am Wed, 19 Jan 2022 20:08:06 -0600
schrieb Karl Fogel <kfo...@red-bean.com>:
2) Disable plaintext passwords in default runtime
configuration.
Users can re-enable it in their configuration when they want
it.
But when no safe mechanism is available, then 'svn authn' will
print the big warning message
The latter would happen with the default config, right? And the
config
setting would just disable the warning? I think it would be
useless/overbearing nagging otherwise.
No, actually I was thinking one would have to *also* enable
plaintext-passwords in the config.
If it's not enabled in run-time config, then 'svn authn' would
first let the user know that she would have to enable it in
run-time config. Once she has done so, 'svn authn' would then
actually be able to store plaintext passwords.
The regular svn command that led to 'svn authn' could also make
the same point -- when recommending 'svn authn', it could also
point out that run-time config would need to change before
plaintext passwords are possible.
(Open to discussion on all the above; I'm just clarifying what I
meant in my original post.)
But back on topic: Yes, please make use of simple password
storage
usable for everyone again. The use cases are real.
Glad you agree!
Best regards,
-Karl
