Rich Salz writes:
> 
> When accessing public repositories, there's no need to protect the
> password.  My note didn't make that clear enough, sorry.

As of CVS 1.10.8 public repositories don't need passwords at all, which
avoids the problem.

> >  What's
> > wrong with doing an interactive ``cvs login'' as the user the script is
> > going to run as so the password is stored in ~/.cvspass?
> 
> I'd rather not muck with the (sic) encryption. I know I can login once,
> and cut-and-paste the entry into the script-runner's passfile, but that's
> more than a little bit hokey.

Just su to the user and login -- no cut-and-paste required!  (If you can
run a script as the user you should be able to su, no?)

> Come to think of it, isn't it time to bite the bullet and just get rid of
> the password transliteration?  It only provides a false sense of security;
> once you can read the .cvspass file, you can get the passwords.

The transliteration is like putting a letter in an envelope rather than
sending a postcard -- it won't stop anyone who really wants to read it
from reading it, but it will keep the idly curious from reading it.

> How about
> adding something like this near the top of descramble()
>       if (str[0] == 'B')
>               return xstrdup (str+1);
> Perhaps P for plaintext? I would then change scramble to output the B method.
> 
> I mean this seriously.

I wouldn't have any objections to something like that.

-Larry Jones

In a minute, you and I are going to settle this out of doors. -- Calvin
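
The method-byte idea discussed in this message, as an added sketch that is neither CVS source nor code from anyone in the thread. The names `scramble_demo`, `descramble_demo` and `mirror` are hypothetical, the use of 'A' to tag the substitution method is an assumption of this sketch, and `mirror` is a stand-in for the keyless substitution, not the table CVS uses. It shows that both stored forms are recovered with no secret, so the protection of `.cvspass` rests on its file permissions.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for the keyless substitution: mirrors printable ASCII
 * (33..126) and is its own inverse. NOT the table CVS uses. */
static char mirror(char c)
{
    return (c >= 33 && c <= 126) ? (char)(159 - c) : c;
}

/* Hypothetical helper: prefix the stored form with its method byte.
 * 'A' = substitution (assumed tag), 'B' = plaintext, as proposed above. */
char *scramble_demo(const char *pw, char method)
{
    size_t n = strlen(pw);
    char *out;

    if (method != 'A' && method != 'B')
        return NULL;
    out = malloc(n + 2);            /* method byte + password + NUL */
    if (out == NULL)
        return NULL;
    out[0] = method;
    for (size_t i = 0; i < n; i++)
        out[i + 1] = (method == 'A') ? mirror(pw[i]) : pw[i];
    out[n + 1] = '\0';
    return out;
}

/* Dispatch on the method byte; an empty entry or an unknown method is
 * rejected rather than guessed at. Caller frees the result. */
char *descramble_demo(const char *str)
{
    char *out;

    if (str == NULL || str[0] == '\0')
        return NULL;
    if (str[0] != 'A' && str[0] != 'B')
        return NULL;
    out = malloc(strlen(str));      /* input minus method byte, plus NUL */
    if (out == NULL)
        return NULL;
    strcpy(out, str + 1);
    if (str[0] == 'A')
        for (char *p = out; *p; p++)
            *p = mirror(*p);
    return out;
}
```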
