Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-15 Thread Daniel Shahaf
Nathan Hartman wrote on Thu, Jul 14, 2022 at 10:45:07 -0400:
> On Thu, Jul 14, 2022 at 10:02 AM Daniel Sahlberg
>  wrote:
> >
> > Den tors 14 juli 2022 kl 15:52 skrev Daniel Shahaf 
> > :
> >>
> >> Nathan Hartman wrote on Wed, 13 Jul 2022 15:29 +00:00:
> >> > On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf  
> >> > wrote:
> >> >> Should the entry link to the zsh script
> >> >> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
> >> >> as well, as an alternative?  It might be useful for someone if their
> >> >> environment doesn't have Python installed or if they find the zsh script
> >> >> easier to audit.
> >> >
> >> > I think it would be useful, and...
> >> >
> >> >> (Well, I suppose it might make more sense to copy the script
> >> >> somewhere than to link to an immutable archives message with that
> >> >> subject line.)
> >> >
> >> > ...the place to put it is probably tools/client-side/ just like the
> >> > Python script.
> >>
> >> Being in tools/ would imply dev@ accepts responsibility for bug reports
> >> against the zsh script.  Is dev@ happy to do that?  I'm concerned about
> >> the bus factor.
> >
> >
> > I was just about to say the same thing (and with no intention to
> > discredit the zsh version). If it is desirable to list all available
> > realms and let the user choose interactively, I could add that to
> > the Python script.

Adding such functionality would reduce the amount of legwork for users
(= would move the Python script leftwards on ).

> > I was also going to add that I think it is better to provide one
> > tool and make sure that tool is working well instead of having two
> > tools that differ only in tiny details, since they might bit-rot in
> > different ways over time and it might be hard for a newcomer to
> > understand the motivation of having different tools.
> 

Agreed: knobs have a cost both to maintainers and to users.  However, we
should balance this downside with potential upsides, such as the ones I
offered above:

> >> >> [...]  It might be useful for someone if their environment
> >> >> doesn't have Python installed or if they find the zsh script
> >> >> easier to audit.

I'm not implying those points outweigh Daniel's; I'm just saying we
have identified pros and cons but haven't tallied them up yet.

For instance, perhaps we should link to both implementations but make it
clear that the Python one is preferred, community supported, "Use it
unless you know you need the other one", etc..

> 
> These are all good points.
> 
> I admit that zsh is a bit of a mystery to me, as is the script, so I
> couldn't provide support for it, at least not with my current
> knowledge. I am impressed that zsh can do so much with so little.
> 

zsh syntax can be terse, but the script is pretty much translatable
line-for-line into Python, except for the 'select' loop:

https://zsh.sourceforge.io/Doc/Release/Shell-Grammar.html#index-select

… which would be this:

def select(choices):
    # Print a numbered menu, then return the element the user picks.
    for i_and_element in enumerate(choices):
        print("{}: {}".format(*i_and_element))
    n = int(input("Choice number: "))
    if not (0 <= n < len(choices)):
        raise ValueError("choice out of range")
    return choices[n]

(plus a few more lines for the argv and loop support)

> It's in the list archives, but as DanielSh points out, is in a thread
> with a not-so-nice subject. That could be addressed by re-mailing it
> to dev@ with a new subject, e.g., "Prototype zsh script to store svn
> password in plaintext" in case anyone ever asks or searches for a
> non-Python way to do it. We could even link to it from the same FAQ,
> e.g., "An example of how to store svn plaintext credentials was
> implemented as a zsh script. It is unsupported by the SVN maintainers
> but can be found at [link] for pedagogical purposes."

If we give the script a new URL, perhaps we could make that URL identify
a _mutable_ resource, so if we ever have to update the script all its
users won't have to update their bookmarks?  Just a nice-to-have.

Cheers,

Daniel
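
An added example, not part of the original message and not code from either script discussed in this thread: one way to list the realms that have a plaintext-stored password and let the user pick one, with the re-prompt loop the message leaves out. It assumes the cache files use Subversion's serialized hash layout (length-prefixed K/V records ending in END) with `passtype` and `svn:realmstring` keys; the function names and sample data are constructed for illustration.

```python
import io

def _read_counted(stream, header):
    # header is b"K <len>" or b"V <len>"; payload is <len> bytes plus "\n".
    length = int(header[2:])
    payload = stream.read(length)
    if len(payload) != length or stream.read(1) != b"\n":
        raise ValueError("truncated entry")
    return payload.decode("utf-8")

def parse_svn_hash(data):
    """Parse one cache file (assumed layout): K <len>, key, V <len>, value, END."""
    stream, entry = io.BytesIO(data), {}
    while True:
        header = stream.readline().rstrip(b"\n")
        if header == b"END":
            return entry
        if not header.startswith(b"K "):
            raise ValueError("expected key header, got %r" % header)
        key = _read_counted(stream, header)
        header = stream.readline().rstrip(b"\n")
        if not header.startswith(b"V "):
            raise ValueError("expected value header, got %r" % header)
        entry[key] = _read_counted(stream, header)

def plaintext_realms(cache_files):
    """Realms whose entry has passtype 'simple'; passwords are never returned."""
    entries = (parse_svn_hash(data) for data in cache_files)
    return sorted(e.get("svn:realmstring", "<no realm>")
                  for e in entries if e.get("passtype") == "simple")

def select(choices, read=input, write=print):
    """Numbered menu as in the post, but re-prompt on bad input."""
    for i_and_element in enumerate(choices):
        write("{}: {}".format(*i_and_element))
    while True:
        answer = read("Choice number: ").strip()
        n = int(answer) if answer.isascii() and answer.isdigit() else -1
        if 0 <= n < len(choices):
            return choices[n]
        write("Invalid choice: {!r}".format(answer))

# Constructed sample cache files (made-up realms, no real credentials).
SAMPLE_FILES = [
    b"K 8\npasstype\nV 6\nsimple\nK 15\nsvn:realmstring\nV 36\n"
    b"<https://svn.example.org:443> Repo A\nEND\n",
    b"K 8\npasstype\nV 8\nkeychain\nK 15\nsvn:realmstring\nV 36\n"
    b"<https://svn.example.org:443> Repo B\nEND\n",
]
```

Calling select(plaintext_realms(SAMPLE_FILES)) shows only Repo A, since the second entry is not stored as plaintext.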


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-14 Thread Nathan Hartman
On Thu, Jul 14, 2022 at 10:02 AM Daniel Sahlberg
 wrote:
>
> Den tors 14 juli 2022 kl 15:52 skrev Daniel Shahaf :
>>
>> Nathan Hartman wrote on Wed, 13 Jul 2022 15:29 +00:00:
>> > On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf  
>> > wrote:
>> >> Should the entry link to the zsh script
>> >> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
>> >> as well, as an alternative?  It might be useful for someone if their
>> >> environment doesn't have Python installed or if they find the zsh script
>> >> easier to audit.
>> >
>> > I think it would be useful, and...
>> >
>> >> (Well, I suppose it might make more sense to copy the script
>> >> somewhere than to link to an immutable archives message with that
>> >> subject line.)
>> >
>> > ...the place to put it is probably tools/client-side/ just like the
>> > Python script.
>>
>> Being in tools/ would imply dev@ accepts responsibility for bug reports
>> against the zsh script.  Is dev@ happy to do that?  I'm concerned about
>> the bus factor.
>
>
> I was just about to say the same thing (and with no intention to discredit 
> the zsh version). If it is desirable to list all available realms and let the 
> user choose interactively, I could add that to the Python script.
>
> I was also going to add that I think it is better to provide one tool and 
> make sure that tool is working well instead of having two tools that differ 
> only in tiny details, since they might bit-rot in different ways over time 
> and it might be hard for a newcomer to understand the motivation of having 
> different tools.


These are all good points.

I admit that zsh is a bit of a mystery to me, as is the script, so I
couldn't provide support for it, at least not with my current
knowledge. I am impressed that zsh can do so much with so little.

It's in the list archives, but as DanielSh points out, is in a thread
with a not-so-nice subject. That could be addressed by re-mailing it
to dev@ with a new subject, e.g., "Prototype zsh script to store svn
password in plaintext" in case anyone ever asks or searches for a
non-Python way to do it. We could even link to it from the same FAQ,
e.g., "An example of how to store svn plaintext credentials was
implemented as a zsh script. It is unsupported by the SVN maintainers
but can be found at [link] for pedagogical purposes."

Cheers,
Nathan


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-14 Thread Daniel Sahlberg
Den ons 13 juli 2022 kl 22:34 skrev Nathan Hartman :

> On Wed, Jul 13, 2022 at 11:26 AM Daniel Shahaf 
> wrote:
> >
> > Daniel Shahaf wrote on Wed, 13 Jul 2022 14:54 +00:00:
> >> Incidentally, Daniel, r1902590 needs s/real'/realm'/.
>
> Fixed, r1902705.
>

Thanks Nathan!

/Daniel


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-14 Thread Daniel Sahlberg
Den tors 14 juli 2022 kl 15:52 skrev Daniel Shahaf :

> Nathan Hartman wrote on Wed, 13 Jul 2022 15:29 +00:00:
> > On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf 
> wrote:
> >> Should the entry link to the zsh script
> >> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
> >> as well, as an alternative?  It might be useful for someone if their
> >> environment doesn't have Python installed or if they find the zsh script
> >> easier to audit.
> >
> > I think it would be useful, and...
> >
> >> (Well, I suppose it might make more sense to copy the script
> >> somewhere than to link to an immutable archives message with that
> >> subject line.)
> >
> > ...the place to put it is probably tools/client-side/ just like the
> > Python script.
>
> Being in tools/ would imply dev@ accepts responsibility for bug reports
> against the zsh script.  Is dev@ happy to do that?  I'm concerned about
> the bus factor.
>

I was just about to say the same thing (and with no intention to discredit
the zsh version). If it is desirable to list all available realms and let
the user choose interactively, I could add that to the Python script.

I was also going to add that I think it is better to provide one tool and
make sure that tool is working well instead of having two tools that differ
only in tiny details, since they might bit-rot in different ways over time
and it might be hard for a newcomer to understand the motivation of having
different tools.

Kind regards,
Daniel


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-14 Thread Daniel Shahaf
Nathan Hartman wrote on Wed, 13 Jul 2022 15:29 +00:00:
> On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf  
> wrote:
>> Should the entry link to the zsh script
>> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
>> as well, as an alternative?  It might be useful for someone if their
>> environment doesn't have Python installed or if they find the zsh script
>> easier to audit.
>
> I think it would be useful, and...
>
>> (Well, I suppose it might make more sense to copy the script
>> somewhere than to link to an immutable archives message with that
>> subject line.)
>
> ...the place to put it is probably tools/client-side/ just like the
> Python script.

Being in tools/ would imply dev@ accepts responsibility for bug reports
against the zsh script.  Is dev@ happy to do that?  I'm concerned about
the bus factor.

Cheers,

Daniel


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Nathan Hartman
On Wed, Jul 13, 2022 at 11:26 AM Daniel Shahaf  wrote:
>
> Daniel Shahaf wrote on Wed, 13 Jul 2022 14:54 +00:00:
>> Incidentally, Daniel, r1902590 needs s/real'/realm'/.

Fixed, r1902705.

Cheers,
Nathan


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Nathan Hartman
On Wed, Jul 13, 2022 at 10:55 AM Daniel Shahaf  wrote:
>
> Nathan Hartman wrote on Wed, 13 Jul 2022 13:43 +00:00:
> > On Wed, Jul 13, 2022 at 9:33 AM Daniel Shahaf 
> > wrote:
> >
> >> dsahlb...@apache.org wrote on Fri, Jul 08, 2022 at 23:39:14 -:
> >> > A new script to store/update a password in the plain text password store
> >> >
> >> > * tools/client-side/store-plaintext-password.py
> >> >   As above
> >> >
> >> > Discussed on dev@:
> >> > https://lists.apache.org/thread/jfd0f5n2qpgnyc30dst6ycnkphcwf6mm
> >> >
> >> > Added:
> >> > subversion/trunk/tools/client-side/store-plaintext-password.py (with props)
> >>
> >> Presumably, now that it's been added, we should link it from somewhere
> >> to make it discoverable by users?
> >
> >
> >
> > Ah yes, it is on my todo list to link to it from the FAQ [1]. :-)
> >
> > [1] https://subversion.apache.org/faq.html#plaintext-passwords
>
> Added to staging in r1902704.  Hope you don't mind :)  Please take it
> from here if you have time.

Ah, you beat me to it. :-) LGTM. I was about to ask you:

> Should the entry link to the zsh script
> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
> as well, as an alternative?  It might be useful for someone if their
> environment doesn't have Python installed or if they find the zsh script
> easier to audit.

I think it would be useful, and...

> (Well, I suppose it might make more sense to copy the script
> somewhere than to link to an immutable archives message with that
> subject line.)

...the place to put it is probably tools/client-side/ just like the
Python script.

Cheers,
Nathan


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Daniel Shahaf
Daniel Shahaf wrote on Wed, 13 Jul 2022 14:54 +00:00:
> Nathan Hartman wrote on Wed, 13 Jul 2022 13:43 +00:00:
>> On Wed, Jul 13, 2022 at 9:33 AM Daniel Shahaf 
>> wrote:
>>
>>> dsahlb...@apache.org wrote on Fri, Jul 08, 2022 at 23:39:14 -:
>>> > A new script to store/update a password in the plain text password store
>>> >
>>> > * tools/client-side/store-plaintext-password.py
>>> >   As above
>>> >
>>> > Discussed on dev@:
>>> > https://lists.apache.org/thread/jfd0f5n2qpgnyc30dst6ycnkphcwf6mm
>>> >
>>> > Added:
>>> > subversion/trunk/tools/client-side/store-plaintext-password.py (with props)
>>>
>>> Presumably, now that it's been added, we should link it from somewhere
>>> to make it discoverable by users?
>>
>>
>>
>> Ah yes, it is on my todo list to link to it from the FAQ [1]. :-)
>>
>> [1] https://subversion.apache.org/faq.html#plaintext-passwords
>
> Added to staging in r1902704.  Hope you don't mind :)  Please take it
> from here if you have time.
>
> Should the entry link to the zsh script
> (https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
> as well, as an alternative?  It might be useful for someone if their
> environment doesn't have Python installed or if they find the zsh script
> easier to audit.
>

Also, the zsh script offers the user to select a realm from a list,
whereas the python script asks the user to pass the realm in in argv[].
I.e., the zsh script may be easier to use.

Incidentally, Daniel, r1902590 needs s/real'/realm'/.

Cheers,

Daniel

> (Well, I suppose it might make more sense to copy the script
> somewhere than to link to an immutable archives message with that
> subject line.)
>
> Cheers,
>
> Daniel


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Daniel Shahaf
Nathan Hartman wrote on Wed, 13 Jul 2022 13:43 +00:00:
> On Wed, Jul 13, 2022 at 9:33 AM Daniel Shahaf 
> wrote:
>
>> dsahlb...@apache.org wrote on Fri, Jul 08, 2022 at 23:39:14 -:
>> > A new script to store/update a password in the plain text password store
>> >
>> > * tools/client-side/store-plaintext-password.py
>> >   As above
>> >
>> > Discussed on dev@:
>> > https://lists.apache.org/thread/jfd0f5n2qpgnyc30dst6ycnkphcwf6mm
>> >
>> > Added:
>> > subversion/trunk/tools/client-side/store-plaintext-password.py (with props)
>>
>> Presumably, now that it's been added, we should link it from somewhere
>> to make it discoverable by users?
>
>
>
> Ah yes, it is on my todo list to link to it from the FAQ [1]. :-)
>
> [1] https://subversion.apache.org/faq.html#plaintext-passwords

Added to staging in r1902704.  Hope you don't mind :)  Please take it
from here if you have time.

Should the entry link to the zsh script
(https://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200816130713.6abca815%40tarpaulin.shahaf.local2%3E)
as well, as an alternative?  It might be useful for someone if their
environment doesn't have Python installed or if they find the zsh script
easier to audit.

(Well, I suppose it might make more sense to copy the script
somewhere than to link to an immutable archives message with that
subject line.)

Cheers,

Daniel


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Nathan Hartman
On Wed, Jul 13, 2022 at 9:33 AM Daniel Shahaf 
wrote:

> dsahlb...@apache.org wrote on Fri, Jul 08, 2022 at 23:39:14 -:
> > A new script to store/update a password in the plain text password store
> >
> > * tools/client-side/store-plaintext-password.py
> >   As above
> >
> > Discussed on dev@:
> > https://lists.apache.org/thread/jfd0f5n2qpgnyc30dst6ycnkphcwf6mm
> >
> > Added:
> > subversion/trunk/tools/client-side/store-plaintext-password.py (with props)
>
> Presumably, now that it's been added, we should link it from somewhere
> to make it discoverable by users?



Ah yes, it is on my todo list to link to it from the FAQ [1]. :-)

[1] https://subversion.apache.org/faq.html#plaintext-passwords

Cheers,
Nathan


Re: svn commit: r1902590 - /subversion/trunk/tools/client-side/store-plaintext-password.py

2022-07-13 Thread Daniel Shahaf
dsahlb...@apache.org wrote on Fri, Jul 08, 2022 at 23:39:14 -:
> A new script to store/update a password in the plain text password store
> 
> * tools/client-side/store-plaintext-password.py
>   As above
> 
> Discussed on dev@: 
> https://lists.apache.org/thread/jfd0f5n2qpgnyc30dst6ycnkphcwf6mm
> 
> Added:
> subversion/trunk/tools/client-side/store-plaintext-password.py   (with 
> props)

Presumably, now that it's been added, we should link it from somewhere
to make it discoverable by users?

Cheers,

Daniel
(I have reviewed the changes you mentioned on dev@ and have no comments.)