I know the merit of including the username in the repository URL when setting up a repository bookmark has already been debated (and I'm still against it, though not so much so that it's worth quarreling about at this point) but I just ran into an offshoot of this that is truly annoying.

I discovered that for working copies checked out with Versions, when the repository requires authentication, the username is hard-coded in the URL for the working copy. That is to say, using `svn info` from the command line shows URLs of the form http://usern...@server.example.com/repository/path . When I want to copy/paste the URL of a specific resource to send it to someone, this adds a step of removing the username and "@" sign, and it makes the URL longer unnecessarily. This *might* even be viewed as a security liability, since if an attacker is able to see the username in the URL, they know a valid login for which they can guess passwords. (I'm aware that the last changed author is also shown by svn info, but I use custom scripts that parse out the root and resource URLs for me in a convenient form without showing anything else.)

I would strongly suggest that this behavior be changed, and that the username be passed with the --username option (or whatever the equivalent is for the SVN API). I have the same beef with Xcode — they also put the username in the URL on checkout, and I'm filing a bug against that as well.

Thanks,
  - Quinn
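
Added example, not part of the original message and not code from Versions or Subversion: a small script in the spirit of the custom scripts mentioned above, which reads `svn info` output and returns the URL fields with any embedded user name (or password) removed, reporting that one was present. The sample output, the user name `alice` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of `svn info` output; user name and host are placeholders.
SAMPLE_SVN_INFO = """\
Path: .
URL: http://alice@server.example.com/repository/path/trunk
Repository Root: http://alice@server.example.com/repository/path
Revision: 42
Last Changed Author: alice
"""

# The `svn info` fields that carry a repository URL.
URL_FIELDS = ("URL", "Repository Root")


def strip_userinfo(url):
    """Return (url_without_userinfo, username, had_password)."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url, None, False
    # Everything after the last "@" is host[:port]; IPv6 literals stay intact.
    hostport = parts.netloc.rsplit("@", 1)[1]
    clean = urlunsplit(
        (parts.scheme, hostport, parts.path, parts.query, parts.fragment)
    )
    return clean, parts.username, parts.password is not None


def shareable_urls(svn_info_text):
    """Map each URL field of `svn info` output to its cleaned form."""
    found = {}
    for line in svn_info_text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and key in URL_FIELDS:
            clean, user, had_pw = strip_userinfo(value.strip())
            found[key] = {
                "url": clean,
                "embedded_user": user,
                "embedded_password": had_pw,
            }
    return found


if __name__ == "__main__":
    for field, info in shareable_urls(SAMPLE_SVN_INFO).items():
        note = " (user name was embedded)" if info["embedded_user"] else ""
        print(f"{field}: {info['url']}{note}")
```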
