Barry Warsaw wrote: > We won't use plain text, but we may (or, we currently do) use basic auth > over ssl. The security then is in the passwords, so we have to make > sure they're generated securely.
That (sort of) *is* plain text passwords. Somebody who took over svn.python.org can get the password. In public-key or digest authentication, this won't be possible. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
