On Tue, Jan 03, 2012 at 04:19:29PM -0000, Apache subversion Wiki wrote: > + === GPG Agent === > + Subversion's 1.8-dev codebase currently offers an integration with GPG > Agent, which is yet another third-party cryptographic service provider. > +
Even though this auth provider has "GPG" in its name, there is no crypto involved. It is merely an in-memory cache of the password, in plaintext. The only advantage is that the password is not written to disk. See the "SECURITY CONSIDERATIONS" comment added in this commit: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?r1=1151053&r2=1151069
