> As of CVS 1.10.8 public repositories don't need passwords at all, which
> avoids the problem.

Only when the world's repositories (or at least sourceforge :) upgrade.

> (If you can
> run a script as the user you should be able to su, no?)

What, you don't use setuid wrappers and run shell scripts? :)

> The transliteration is like putting a letter in an envelope rather than
> sending a postcard -- it won't stop anyone who really wants to read it
> from reading it, but it will keep the idly curious from reading it.

I don't think the analogy quite works, since I don't need to read it to use it;
I can just copy it into my own .cvspass file:
        export CVSPASSFILE=/tmp/p$$
        cat /home/*/.cvspass >$CVSPASSFILE

I hope I'm not belaboring a point, but the illusion ("ooh, they're encrypted")
really gives a false sense of security. Particularly for repositories, I
believe.  They're either public (to the Internet, or corporate behind a
firewall) or they're very very private. I don't think "the idly curious"
really enter into the situation.

> > How about
> > adding something like this near the top of descramble()
> >       if (str[0] == 'B')
> >               return xstrdup (str+1);
> > Perhaps P for plaintext? I would then change scramble to output the B method.
>
> I wouldn't have any objections to something like that.

Cool.  So how does that go about getting done?
        /r$
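
The method-letter dispatch proposed above for descramble(), as an added example; it is not CVS source and not code from this thread. It assumes 'A' marks the existing transliteration, uses a constructed self-inverse table in place of the real one, and the names shift, copy_with and scramble_with are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the substitution table (NOT CVS's real one):
   mirrors printable bytes 0x21..0x7e, so applying it twice is a no-op. */
static unsigned char shift(unsigned char c)
{
    return (c >= 0x21 && c <= 0x7e) ? (unsigned char)(0x21 + 0x7e - c) : c;
}

/* Hypothetical helper: optional prefix byte + copy of src, optionally
   transliterated. prefix == 0 means no prefix. Caller frees the result. */
static char *copy_with(char prefix, const char *src, int transliterate)
{
    size_t n = strlen(src), off = prefix ? 1 : 0;
    char *out = malloc(off + n + 1);
    if (out == NULL) return NULL;
    if (prefix) out[0] = prefix;
    for (size_t i = 0; i < n; i++)
        out[off + i] = transliterate ? (char)shift((unsigned char)src[i]) : src[i];
    out[off + n] = '\0';
    return out;
}

/* Hypothetical scramble: 'A' = transliterate, 'B' = store as plaintext. */
char *scramble_with(char method, const char *plain)
{
    if (method != 'A' && method != 'B') return NULL;
    return copy_with(method, plain, method == 'A');
}

/* Dispatch on the leading method letter; refuse anything unrecognised. */
char *descramble(const char *str)
{
    switch (str ? str[0] : '\0') {
    case 'A': return copy_with(0, str + 1, 1);
    case 'B': return copy_with(0, str + 1, 0);
    default:  return NULL;   /* empty string or unknown method */
    }
}

int main(void)
{
    char *a = scramble_with('A', "s3cret"), *b = scramble_with('B', "s3cret");
    printf("%s %s\n", a ? a : "?", b ? b : "?");
    free(a); free(b);
    return 0;
}
```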
