MD5 Collisions and Cached Authentication (was: Improving gpg-agent support)

2014-06-05 Thread Ben Reser
On 6/5/14, 6:16 PM, Bert Huijben wrote:
> Do we make sure that we only send the password to an exact match of the realm?
> Otherwise somebody might be able to theoretically steal passwords by using a
> special realm string on a completely different server.
Moving this to private. Trunk has code t

Re: Improving gpg-agent support

2014-06-05 Thread Ben Reser
On 6/5/14, 6:16 PM, Bert Huijben wrote:
> I don’t see why TortoiseSVN and other Windows clients would be affected, given
> that we don't enable the gpg support on Windows.
Right, sorry I was just thinking of an example of multiple client use and that's what came to mind. But only enabling it on *

Re: Improving gpg-agent support

2014-06-05 Thread Bert Huijben
I don’t see why TortoiseSVN and other Windows clients would be affected, given that we don't enable the gpg support on Windows. +1 on adding a prefix, as the current code might also break other gpg users. Do we make sure that we only send the password to an exact match of the realm? Otherwise

Re: Improving gpg-agent support

2014-06-05 Thread Ben Reser
On 6/2/14, 6:59 PM, Ben Reser wrote:
> The failure to cache on the first connection to the realm issue is a little bit
> harder to solve. There is actually a PRESET_PASSPHRASE call in gpg-agent's
> API. But it only works when gpg-agent is started with
> --allow-preset-passphrase. I think we s

Re: Improving gpg-agent support

2014-06-05 Thread Ben Reser
On 6/2/14, 6:59 PM, Ben Reser wrote:
> Commit message for the patch:
> [[[
> Make the gpg-agent pinentry not ask for confirmation of password entries and
> make it re-prompt if the password is incorrect.
>
> * subversion/libsvn_subr/gpg_agent.c:
> (ATTEMPT_PARAMETER): New macro.
> (send_option

Re: Improving gpg-agent support

2014-06-03 Thread Stefan Sperling
On Mon, Jun 02, 2014 at 06:59:01PM -0700, Ben Reser wrote:
> Subversion currently tells gpg-agent when prompting the user for a password to
> confirm the password by asking the user to re-enter it. This choice appears to
> have been made because gpg-agent will cache a password without knowing f

Improving gpg-agent support

2014-06-02 Thread Ben Reser
Since 1.8 we've supported using gpg-agent to store passwords in memory. http://subversion.apache.org/docs/release-notes/1.8.html#gpg-agent Today I was getting asked about some odd behavior that a customer was seeing so I took some time to investigate. The behavior of this setup is very wonky and