mån 13 jan. 2025 kl. 17:36 skrev Bo Berglund <bo.bergl...@gmail.com>:

> On Mon, 13 Jan 2025 07:59:35 +0100, Daniel Sahlberg
> <daniel.l.sahlb...@gmail.com> wrote:
>
> >Den mån 13 jan. 2025 kl 00:29 skrev Bo Berglund <bo.bergl...@gmail.com>:
> >
> >> So in which versions has the plaintext cache been removed?
> >>
> >
> >There is no simple answer to this question. The best answer I can give is
> >that in 1.12 the compile time default was changed [1] to stop writing to
> >the plaintext password store. This will be reverted in 1.15 [2]. However
> >different distributions may decide to compile their packages using
> >non-default settings. As one example, it has been reported on the list
> that
> >OpenBSD compiles Subversion with the plaintext cache ENABLED but sets the
> >systemwide configuration option to disable storing passwords. That
> probably
> >explain why you receive different results between different machines, some
> >may have decided to follow the OpenBSD example.
> >
> >Question:
> >> -----------
> >> Is it possible to get a newer svn version installed in Ubuntu than what
> is
> >> provided by the apt installer for the Ubuntu distribution?
> >>
> >
> >You can always build your own. Otherwise I'd suggest you contact
> >Canonical's support.
> >
>
> I guess I have to figure out something else, for example putting a
> RaspberryPi
> (with a newer subversion) on that network just as an alert agent.
>
> A separate RPi4 image can be built here and then transferred over via
> Internet
> so they can burn it to a blank SDcard and start the RPi device up there.
> Once on that netywork I can manage it from here via VPN.
>
> Meanwhile I have to enable the script on the Ubuntu server and put
> username/password into the call. That at least works, I have tested.
> I will protect it by modifying the $HOME/.subversion directory and the
> script to
> be only accessible by me. But executable by the system of course.


You are probably more secure by using the Python script linked from the FAQ
to insert a password into the password cache than by putting it on the
command line. In either case it is stored in plaintext on the computer. If
it is on the command line, it will be visible using ps. If it is stored in
the password cache, it will only be visible to root (as long as you protect
your ~ in an appropriate way).

Cheers
Daniel

Reply via email to