On Mon, 23 Aug 2021 at 13:50, Nathan Hartman <hartman.nat...@gmail.com> wrote:

> On Mon, Aug 23, 2021 at 6:15 AM Johan Corveleyn <jcor...@gmail.com> wrote:
>
>> I know the decision to disable plaintext pwd storage by default was
>> briefly discussed on this very list [1], but sadly I didn't pay
>> attention back then. I have a lot of respect for all people involved
>> here, but I think this was a mistake, especially WRT server machines
>> which don't have a GUI, no X11 etc. Or even if they have it installed,
>> why force additional work on users / sysadmins that have been running
>> these machines for years, and now have to jump through additional
>> hoops, even if they decided before (through explicit configuration)
>> that they were OK with plaintext password storage (= their decision /
>> responsibility).
>>
> [...]
>
>> [1]
>> https://lists.apache.org/thread.html/6751582f2d8eda885722933f935a3c90d1b0adb0f9c9dbe536a5c2d7%40%3Cdev.subversion.apache.org%3E
>>
>> --
>> Johan
>
> Given the amount of complaints/trouble this change has led to, perhaps we
> should rethink it and consider an approach where plaintext saving is always
> compiled in but off until enabled by runtime config or something.

Have there been any complaints about Subversion's ability to store passwords
in plaintext? (I tried to search the mailing list but didn't come up with
anything, possibly because of a lack of imagination on proper keywords.)
Maybe these complaints would have gone to the different distributions?

For reference, here is the e-mail where Stefan Sperling mentions the change
in OpenBSD to re-enable support for plaintext passwords in OpenBSD: [2]

I would encourage everyone to re-read that message since it has a good
summary of arguments (including a link to a request from a corporate
security group to TortoiseSVN to avoid storing a password in plaintext in
memory).

For me the route taken by OpenBSD seems reasonable:
- Enable plaintext passwords in the compile time defaults
- Disable plaintext passwords in the default runtime configuration
- Let the users re-enable it in their configuration if they want to

Pros:
* It would not change the default behaviour.
* It would enable users to enable plaintext passwords in configuration
  without having to recompile.

Cons:
* Potentially some security group would argue about the possibility to
  enable plaintext passwords at all.

Kind regards,
Daniel Sahlberg

[2] http://mail-archives.apache.org/mod_mbox/subversion-dev/202008.mbox/%3C20200807083932.GU55188%40ted.stsp.name%3E
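As an added illustration of the runtime layer in the scheme described above (not part of the thread, and not Subversion's own configuration templates), the settings a user or sysadmin would touch; the paths are the usual per-user locations on Unix-like systems, and the gpg-agent line is one possible encrypted alternative for a host without a GUI:

```ini
; ~/.subversion/servers  (per-user runtime configuration; an admin can
; set the same keys site-wide in the system servers file)
[global]
; Keep caching credentials, but refuse to write them to disk unencrypted.
; This is the "off in the default runtime configuration" state: an
; encrypted store is still used when one is available.
store-passwords = yes
store-plaintext-passwords = no

; Explicit opt-in on a headless machine, which the OpenBSD layering allows
; without recompiling. Only effective if plaintext storage was compiled in.
; "ask" would prompt before each plaintext save instead of allowing it.
; store-plaintext-passwords = yes

; ~/.subversion/config
[auth]
; Alternative to plaintext on a server without X11: gpg-agent can be used
; with a terminal pinentry, so no desktop keyring is required.
password-stores = gpg-agent
```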