Tino Wildenhain wrote:
I would support HTTP anonymous checkouts. I'm really against
writable HTTP checkouts because I consider the credentials
mechanism for HTTP access to be extremely lame.
whether SVN or not, I'm guessing any use of HTTP basic authentication
mechanism qualifies as "extremely lame"! I've no idea if this is what
Jim
meant though :)
Well, I hope ;)
Why? The password are never sent over the wire unencrypted?
Yes, caching them locally in cleartext blows a lot, especially since the
files and directories that contain them are world readable, but this is
a bug we should raise with the svn guys.
That said, I'll ask again, why are we so paranoid about security? WE're
working on a piece of open source software here...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
