Den lör 22 apr. 2023 kl 10:30 skrev Branko Čibej <br...@apache.org>:
> On 22.04.2023 10:27, Branko Čibej wrote: > > On 21.04.2023 16:43, Johan Corveleyn wrote: > > > My plan is to revert r1845377 during next weekend. For the first bulletpoint > nothing has to be done, but if consensus changes during the week, I can do > the work to to implement option 1. For the second bullet point I'd like to > reach consensus (on the short- and long term plan) by the same time, then if > we decide on 2/3 we will put it on the wish list for a future release. > > Great! > > There was one additional suggestion: obfuscate plaintext passwords, or > encrypt them with a key embedded in the code (or even with a key > supplied at compile-time). > > > There's actually a branch for that, but the feature never made it to trunk. > > > I'll just add that the intent of that branch is to properly encrypt > passwords at least on Linux, not to obfuscate them or embed a key in the > code. The latter is worse than storing in plain text, because the effect is > the same but it adds a veneer of false sense of security. > I assume you are referring to the master-password branch? That will not help with the use case some users are having - ie unattended svn actions - since the user will have to enter the master password instead of the password. (The use case "not remembering a lot of different passwords while not storing passwords in clear" is of course solved by a master password). --- thread reply --- As you have probably seen, I've committed the revert as r1909351. I have not made up my mind regarding the other points, but as pointed out by several others, let's start with reverting and then take it from there. I will read through all e-mails once more and see if i can sumarize the discussion somewhat. So far I couldn't see any clear direction. Kind regards, Daniel
