On Thu, Mar 17, 2011 at 11:33:41PM -0400, Nico Kadel-Garcia wrote: > The 1.6.16 has some minor build-structure changes that have broken the > SRPM's. I'm wondering if it's even worth pursuing, for environments > that don't rely on HTTP/HTTPS authentication, especially because I'm > such a long-standing deprecator of that approach. (This is because the > Linux and UNIX clients store the passwords for HTTP/HTTPS access in > clear text.)
That's not a good reason to neglect a security update. There are folks who need the update. Not that you're obliged to provide one -- you're doing voluntary work, afterall. But I'd expect that a package maintainer to keep the entire userbase in mind. Not just those running particular setups. It's not as if a Subversion HTTP/HTTPS setup was an unsupported use case.
