[Python-Dev] PEP: Migrating the Python CVS to Subversion

"Martin v. Löwis" martin at v.loewis.de
Sat Jul 30 00:22:18 CEST 2005


Barry Warsaw wrote:

I disagree. By reserving password generation to the pydotorg admins, we can better ensure the passwords are more robust against dictionary attacks. See my previous message. I actually /don't/ want individuals to be able to set their own passwords. In practice, you only have to know your password once, because svn caches the authentication (yes, that opens up opportunities for compromise, but that's how svn works).

See Michael's (I think) message: that is a much greater risk than the one of a brute-force attack. In our environment, a determined student could easily read out my home directory, and get at my pydotorg password (if I allowed svn to cache it). They would have to break all kinds of rules in doing so; yet, it would be technically possible - so I just can't turn on this svn setting, and have to type the password every time. This is surely inconvenient, as I cannot even remember the password.

Regards, Martin
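
Added example, not part of the original message or of the Subversion project: a small audit of the credential cache discussed above, reporting entries where the svn client has stored a password unencrypted or where the cache file is readable beyond its owner. It assumes the Unix client's cache directory `~/.subversion/auth/svn.simple` and its `K <len>` / `V <len>` / `END` file layout; the function names and the sample entry are constructed for illustration.

```python
import os
import stat
# Constructed sample of one cache file (not a real credential).
SAMPLE = (b"K 8\npasstype\nV 6\nsimple\n"
          b"K 8\npassword\nV 13\nnot-a-real-pw\n"
          b"K 8\nusername\nV 5\nalice\nEND\n")

def parse_svn_hash(data):
    """Parse 'K <len>\\n<key>\\nV <len>\\n<value>\\n ... END' into a dict of bytes."""
    fields, pos = {}, 0
    def read_item(tag):
        nonlocal pos
        eol = data.index(b"\n", pos)          # raises ValueError if truncated
        head = data[pos:eol].split()
        if len(head) != 2 or head[0] != tag:
            raise ValueError("expected %r header at byte %d" % (tag, pos))
        start, n = eol + 1, int(head[1])
        if data[start + n:start + n + 1] != b"\n":
            raise ValueError("length field does not match the data")
        pos = start + n + 1
        return data[start:start + n]
    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        fields[key.decode()] = read_item(b"V")
    return fields

def audit_entry(data, mode):
    """Findings for one cache file; the password itself is never returned."""
    fields, findings = parse_svn_hash(data), []
    # Assumption: a missing passtype means plaintext, as with 'simple'.
    if "password" in fields and fields.get("passtype", b"simple") == b"simple":
        user = fields.get("username", b"?").decode(errors="replace")
        findings.append("plaintext password cached for user " + user)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file readable by group or others")
    return findings

def audit_cache(auth_dir=os.path.expanduser("~/.subversion/auth/svn.simple")):
    """Map each problematic cache file path to its list of findings."""
    report = {}
    for name in sorted(os.listdir(auth_dir)) if os.path.isdir(auth_dir) else []:
        path = os.path.join(auth_dir, name)
        try:
            with open(path, "rb") as fh:
                found = audit_entry(fh.read(), os.stat(path).st_mode)
        except (OSError, ValueError) as exc:
            found = ["unreadable or malformed: %s" % exc]
        if found:
            report[path] = found
    return report
```

Calling `audit_cache()` returns an empty dict when nothing is cached. The client-side switch for the caching behaviour is `store-passwords = no` in the `[auth]` section of `~/.subversion/config`.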


