Barry Warsaw wrote: > I disagree. By reserving password generation to the pydotorg admins, we > can better insure the passwords are more robust against dictionary > attacks. See my previous message. I actually /don't/ want individuals > to be able to set their own passwords. In practice, you only have to > know your password once, because svn caches the authentication (yes, > that opens up opportunities for compromise, but that's how svn works).
See Michael's (I think) message: that is a much greater risk than the one of a brute-force attack. In our environment, a determined student could easily read out my home directory, and get at my pydotorg password (if I would allow svn to cache it). They would have to break all kinds of rules in doing so; yet, it would be technically possible - so I just can't turn on this svn setting, and have to type the password every time. This is surely inconvenient, as I cannot even remember the password. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
