Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-13 Thread James McCoy
On Wed, May 10, 2017 at 08:34:59AM -0400, James McCoy wrote: > On Tue, May 09, 2017 at 09:36:18AM -0400, Mark Phippard wrote: > > I would expect a feature like this to at least require some kind of opt-in > > mechanism.  In this case, it should require some setting in config that is > > not > > on

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-10 Thread James McCoy
On Tue, May 09, 2017 at 09:36:18AM -0400, Mark Phippard wrote: > On Tue, May 9, 2017 at 8:02 AM, James McCoy wrote: > > > Subversion is a library and we should be very careful about this. I > think > this code is by default left out on Windows, but there are tons of cert > reports wh

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Mark Phippard
On Tue, May 9, 2017 at 8:02 AM, James McCoy wrote: > > Subversion is a library and we should be very careful about this. I > think this code is by default left out on Windows, but there are tons of > cert reports where just loading a library dynamically to test something is > a security problem,

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread James McCoy
On Tue, May 09, 2017 at 01:00:00PM +0200, Bert Huijben wrote: > > -Original Message- > > From: Stefan Sperling [mailto:s...@elego.de] > > Sent: dinsdag 9 mei 2017 11:26 > > To: Bert Huijben > > Cc: dev@subversion.apache.org > > Subject: Re: svn commit:

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Stefan Sperling
On Tue, May 09, 2017 at 01:00:00PM +0200, Bert Huijben wrote: > > > > -Original Message- > > From: Stefan Sperling [mailto:s...@elego.de] > > Sent: dinsdag 9 mei 2017 11:26 > > To: Bert Huijben > > Cc: dev@subversion.apache.org > > Subje

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Daniel Shahaf
Stefan Sperling wrote on Tue, May 09, 2017 at 11:26:26 +0200: > I am fine with restricting the PATH if that's a concern. Not sure what > this would look like on Windows but we could probably restrict it to > something like "/usr/bin:/usr/local/bin" on Unix-like systems without > much risk of breaki

RE: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Bert Huijben
> -Original Message- > From: Stefan Sperling [mailto:s...@elego.de] > Sent: dinsdag 9 mei 2017 11:26 > To: Bert Huijben > Cc: dev@subversion.apache.org > Subject: Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS > > On Tue, May 09, 2017 at 09:13:

Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Stefan Sperling
On Tue, May 09, 2017 at 09:13:57AM +0200, Bert Huijben wrote: > I haven’t investigated this any further, but do we now try to start the > gpg-agent on every invocation of a command just to poll if we perhaps have a > GPG agent running, and might want to use that authentication option? No. gpgconf

RE: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS

2017-05-09 Thread Bert Huijben
I haven’t investigated this any further, but do we now try to start the gpg-agent on every invocation of a command just to poll if we perhaps have a GPG agent running, and might want to use that authentication option? I don’t think we want to do that as a simple replacement of a cheap check of a