Den fre 27 aug. 2021 kl 09:15 skrev Johan Corveleyn <jcor...@gmail.com>:
> On Thu, Aug 26, 2021 at 3:44 PM Mark Phippard <markp...@gmail.com> wrote: > > > > On Thu, Aug 26, 2021 at 6:30 AM Stefan Sperling <s...@elego.de> wrote: > > > > > The answer might be that 'svn authz add' should simply not contact the > > > server to check credentials. Which means we cannot check upfront > whether > > > the user running 'svn auth add' knows valid credentials. > > > > Yeah that seems reasonable. Basically an "official" version of what > > the scripts are doing. > > > > All that said, I still favor restoring the previous behavior where > > this is enabled by default and a packager can compile it out if they > > so choose. > > +1, I would prefer that as well (was quite happy with the previous > behavior :-)). > > If that's not an option (because of $security-reasons / loud voices), > a workaround with some 'svn auth' extension would definitely help > mitigate the break in usability / backwards compatibility that now > occurred. > I'm also +1 to enable by default but disabling in config. I'm not against the svn auth option but I prefer the "old" way since it is integrated in the normal flow. Of course we should consider any loud voices (and according to Stefan Sperling upthread there might have been issues raised in private forums) but will an svn auth option make them happier? Kind regards /Daniel Sahlberg
