Christian Theune wrote: >> See: >> http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements > > However, this only *allows* clients to manage their password reasonably, > it doesn't force them to.
Well, you can't force someone to keep their private key private either... At the end of the day, if an svn account is compromised, we'll see a load of bogus commits. My understanding of svn is that those are moderately easy to remove. > From my understanding, the interesting part is what the DVCSs do: let > people sign their commits with e.g. their PGP key (strong auth) and > allow them to share that data somewhere (different mechanism maybe not > so strong auth). Well, the only "auth" bit seems to be where the "offical" changesets are.. Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )