Package: subversion
Version: 1.4.2dfsg1-2

Subversion has the options "store-passwords" and "store-auth-creds" set
to yes by default (they are commented out in /etc/subversion/config and
default to yes). With these options set, the "svn" command stores the
supplied user credentials without asking the user, especially the
password, which is stored in plain text.

This is a Subversion bug in the first place and has been forwarded to
the Subversion team (bug #312441), but they don't seem to care.

Setting "store-auth-creds = no" in /etc/subversion/config in the Debian
Package would work around this security problem for now and provide a
safer default installation. As this file is copied to the user directory
when svn is first used it won't break old setups.
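
A check for the situation described above, as an added example that is not part of the original report and is not Subversion or Debian code. It assumes the per-user credential cache lives in auth/svn.simple under the configuration directory, with one key or value per line; the function names and sample data are constructed for illustration.

```shell
# Added example: audit a Subversion configuration directory.

# Effective value of an [auth] option; absent or commented out means "yes",
# the default described in the report.
svn_auth_option() {  # $1 = config file, $2 = option name
    val=$(awk -F= -v opt="$2" '
        /^[ \t]*\[/ { in_auth = ($0 ~ /^[ \t]*\[auth\]/); next }
        in_auth && !/^[ \t]*#/ && NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == opt) { last = $2; gsub(/[ \t]/, "", last) }
        }
        END { print last }' "$1" 2>/dev/null) || val=
    echo "${val:-yes}"
}

# Number of cache entries with a "password" key. Assumes the cache is in
# <config dir>/auth/svn.simple with one key or value per line.
svn_cached_passwords() {  # $1 = config dir
    n=0
    for f in "$1"/auth/svn.simple/*; do
        if [ -f "$f" ] && grep -qx 'password' "$f"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Return 0 only if caching is off and no password is already on disk.
# Only the literal value "no" (as in the report) counts as off here.
svn_audit() {  # $1 = config dir, e.g. "$HOME/.subversion"
    creds=$(svn_auth_option "$1/config" store-auth-creds)
    pw=$(svn_auth_option "$1/config" store-passwords)
    n=$(svn_cached_passwords "$1")
    echo "store-auth-creds=$creds store-passwords=$pw cached-passwords=$n"
    { [ "$creds" = no ] || [ "$pw" = no ]; } && [ "$n" -eq 0 ]
}

# Constructed sample: config with both options commented out and one
# constructed cache entry, audited before and after the workaround.
svn_audit_demo() {
    d=$(mktemp -d); mkdir -p "$d/auth/svn.simple"
    printf '[auth]\n# store-passwords = no\n# store-auth-creds = no\n' > "$d/config"
    printf 'K 8\npassword\nV 6\nsecret\nEND\n' > "$d/auth/svn.simple/constructed"
    svn_audit "$d" || echo "-> passwords are or can be cached in plain text"
    printf '[auth]\nstore-auth-creds = no\n' > "$d/config"
    rm -f "$d/auth/svn.simple/constructed"
    svn_audit "$d" && echo "-> ok"
    rm -rf "$d"
}

svn_audit_demo
```

The audit also fails when the option is already set to no but an earlier cache entry is still on disk, since changing the setting does not remove passwords that were stored before.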

