Les Mikesell wrote on Fri, Jan 07, 2011 at 10:43:58 -0600: > On 1/4/2011 8:25 PM, Nico Kadel-Garcia wrote: >> >> This is a very large and longstanding issue for me and others, and has >> led to clients of mine rejecting Subversion outright. And it looks >> like a legacy of Subversion's re-implementation of CVS, described as >> "CVS done right". CVS security was even worse. > > I'd say instead that it looks like a lack of a suitable cross-platform > security library - or more specifically a lack of a suitable OS facility > in Linux to manage per-user application passwords. >
If anyone has a weekend to spare, please take the time to write glue code that connects svn_auth.h with some crypto library: 'gpg -c' or 'openssl enc' or GPGME or some other library. The starting point on svn's side is the 'provider' interface in svn_auth.h. > -- > Les Mikesell > lesmikes...@gmail.com >
